Cross Realm SMB Signature Failure

Michael B Allen mba2000 at
Fri May 4 02:54:16 GMT 2007

When smbclient authenticates across realms (from MIT realm S.W.NET to
W2K3 realm W.NET) I'm seeing the server is just echoing back the same
signature sent by client. That signature of course fails verification:

$ kinit -f ioplex@S.W.NET
Password for ioplex@S.W.NET:
$ smbclient -k -U ioplex //
signing_good: BAD SIG: seq 1
SMB Signature verification failed on incoming packet!
session setup failed: Server packet had invalid SMB signature!

If I use a W.NET cred it works fine and ssh works in the other direction
so I think the trust is good.

All enctypes are RC4. Haven't updated the W2K3 server since installing
it. Trying that now ...

I'm using stock 3.0.23c-2 on CentOS 5.0 with an unmodified smb.conf.

Has anyone seen this before?
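
Added example, not part of the original post and not Samba's code: a check that separates a reply whose signature field is a copy of the request's (the symptom reported above) from a reply signed with a different key. It assumes SMB1 signing as specified in MS-CIFS (first 8 bytes of MD5 over the MAC key and the message, with the sequence number in the signature field) and request/reply sequence numbers 0 and 1, matching the "seq 1" in the log; the key, the packets and all function names are constructed for illustration.

```python
import hashlib
import struct

SIG_OFF, SIG_LEN = 14, 8  # SecuritySignature field inside the 32-byte SMB1 header

def build_packet(flags: int, body: bytes) -> bytes:
    """Constructed SMB1 message (no NetBIOS length prefix), signature zeroed."""
    hdr = struct.pack("<4sBIBHH8sHHHHH", b"\xffSMB", 0x73, 0, flags, 0xC807,
                      0, bytes(SIG_LEN), 0, 0, 1, 0, 1)
    return hdr + body

def smb1_signature(mac_key: bytes, packet: bytes, seq: int) -> bytes:
    """First 8 bytes of MD5(mac_key + packet), computed with the sequence
    number (32-bit LE, then 4 zero bytes) placed in the signature field."""
    stamped = (packet[:SIG_OFF] + struct.pack("<II", seq, 0)
               + packet[SIG_OFF + SIG_LEN:])
    return hashlib.md5(mac_key + stamped).digest()[:SIG_LEN]

def with_signature(packet: bytes, sig: bytes) -> bytes:
    """Return the packet with its signature field set to sig."""
    return packet[:SIG_OFF] + sig + packet[SIG_OFF + SIG_LEN:]

def classify_reply(mac_key: bytes, request: bytes, reply: bytes, seq: int) -> str:
    """Explain why a reply passed or failed the check for sequence number seq."""
    got = reply[SIG_OFF:SIG_OFF + SIG_LEN]
    if got == smb1_signature(mac_key, reply, seq):
        return "good"
    if got == request[SIG_OFF:SIG_OFF + SIG_LEN]:
        return "echoed"      # server copied the request's field, did not sign
    if got == bytes(SIG_LEN):
        return "unsigned"
    return "mismatch"        # signed, but with a different key or sequence

if __name__ == "__main__":
    key = bytes(range(16))                       # constructed session key
    req = build_packet(0x08, b"constructed session setup request")
    req = with_signature(req, smb1_signature(key, req, 0))
    rsp = build_packet(0x88, b"constructed session setup reply")
    echoed = with_signature(rsp, req[SIG_OFF:SIG_OFF + SIG_LEN])
    print(classify_reply(key, req, echoed, 1))   # echoed
```

An "echoed" result means the server never signed the reply at all, while "mismatch" means it signed with a key or sequence number the client does not share.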


