SMB signing and 2ROT13
Dave Daugherty
dave.daugherty at centrify.com
Fri Dec 8 19:52:55 GMT 2006
I saw this problem when implementing SMB signing on a non-Samba product
when working against a Windows 2000 Service Pack 2.
The Windows server negotiated signing, but in fact it did not sign the
last session setup and X response and just reflected back what I sent.
My workaround was to check if it was the sessionSetupAndX response
message and if it reflected back my last signature.
In this case I continued to sign my packets, but stopped checking the
signatures from the Windows 2000 server.
Dave Daugherty
Centrify Corp
> Matthew Geddes Sent: Friday, December 08, 2006 9:59 AM
> Subject: SMB signing and 2ROT13
> Hi all,
> I've seen a problem here with a Windows 2003 Server R2 PDC (as well as
> Windows 2000 Server) where client signing is set either to auto or
> mandatory and the Windows 2003 policy is left as mandatory (the
> default).
> The issue is that packet captures show SMB signing is negotiated, so
> Samba starts signing packets. Windows replies to our SMBs, but places
> the same signature from our request in the reply. We're expecting a
> different signature and barf. In the case where Samba is configured to
> use signing where possible, but not mandate it, we try to back off and
> not use signing, but Windows still mandates it.
> Apart from bit 3 and possibly bit 12 in flags2, is there anything else
> that needs to be done to negotiate signing?
> Has anyone seen this before? It certainly looks like a problem with the
> Windows DC. I'm running 3.0.23c FWIW.
> The problem seems to come and go and I haven't yet worked out how to
> reproduce it. Any suggestions would be appreciated.
> thx,
> Matt
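
The reflected-signature check described in the reply above, as an added example that is not part of the original thread or of Samba. It assumes the SMB1 signing MAC (first 8 bytes of MD5 over the MAC key followed by the message, with the sequence number written into the signature field) and uses a constructed key and constructed packets; all function names are hypothetical.

```python
import hashlib
import hmac
import struct

SIG_OFF, SIG_LEN = 14, 8              # SecuritySignature field in the 32-byte SMB1 header
SMB_COM_SESSION_SETUP_ANDX = 0x73

def smb1_mac(mac_key, msg, seq):
    """First 8 bytes of MD5(key || msg) with the sequence number in the signature field."""
    staged = msg[:SIG_OFF] + struct.pack("<II", seq, 0) + msg[SIG_OFF + SIG_LEN:]
    return hashlib.md5(mac_key + staged).digest()[:SIG_LEN]

def sign(mac_key, msg, seq):
    return msg[:SIG_OFF] + smb1_mac(mac_key, msg, seq) + msg[SIG_OFF + SIG_LEN:]

def classify_response(mac_key, request, response, req_seq):
    """Return 'valid', 'reflected' or 'invalid' for the reply to a signed request."""
    if len(response) < 32 or response[:4] != b"\xffSMB":
        return "invalid"
    got = response[SIG_OFF:SIG_OFF + SIG_LEN]
    # A correctly signing server uses the request's sequence number plus one.
    if hmac.compare_digest(got, smb1_mac(mac_key, response, req_seq + 1)):
        return "valid"
    # The case from the post: SessionSetupAndX reply carrying our own signature.
    sent = request[SIG_OFF:SIG_OFF + SIG_LEN]
    if response[4] == SMB_COM_SESSION_SETUP_ANDX and got == sent:
        return "reflected"
    return "invalid"

def build(command, flags, body):
    """Constructed minimal SMB1 message: 32-byte header plus an opaque body."""
    return (b"\xffSMB" + bytes([command]) + bytes(4) + bytes([flags])
            + struct.pack("<H", 0x0004) + bytes(2) + bytes(SIG_LEN) + bytes(2)
            + struct.pack("<HHHH", 0, 1, 0x0800, 1) + body)

def demo():
    key = bytes(range(16))            # constructed MAC key, not a real session key
    req = sign(key, build(0x73, 0x18, b"request"), 0)
    plain = build(0x73, 0x98, b"reply")
    echoed = plain[:SIG_OFF] + req[SIG_OFF:SIG_OFF + SIG_LEN] + plain[SIG_OFF + SIG_LEN:]
    return [classify_response(key, req, r, 0) for r in (sign(key, plain, 1), echoed, plain)]

if __name__ == "__main__":
    print(demo())
```

Reporting the reflected case separately from an ordinary bad signature lets the caller log it and decide whether to keep verifying later replies.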