Cross Realm SMB Signature Failure

Michael B Allen mba2000 at ioplex.com
Fri May 4 18:18:12 GMT 2007


On Fri, 4 May 2007 10:56:10 -0700
Jeremy Allison <jra at samba.org> wrote:

> On Thu, May 03, 2007 at 10:54:16PM -0400, Michael B Allen wrote:
> > When smbclient authenticates across realms (from MIT realm S.W.NET to
> > W2K3 realm W.NET) I'm seeing the server is just echoing back the same
> > signature sent by client. That signature of couse fails verification:
> > 
> > $ kinit -f ioplex at S.W.NET
> > Password for ioplex at S.W.NET: 
> > $ smbclient -k -U ioplex //dc1.w.net/tmp
> > signing_good: BAD SIG: seq 1
> > SMB Signature verification failed on incoming packet!
> > session setup failed: Server packet had invalid SMB signature!
> > 
> > If I use a W.NET cred it works fine and ssh works in the other direction
> > so I think the trust is good.
> > 
> > All enctypes are RC4. Haven't updated the W2K3 server since installing
> > it. Trying that now ...
> > 
> > I'm using stock 3.0.23c-2 on CentOS 5.0 with an unmodified smb.conf.
> > 
> > Has anyone seen this before?
> 
> Yes - I have a fix for this in the current 3.0.25rc tree.

Don't tease us Jer. What was it? It was a salting issue right?

Mike


More information about the samba-technical mailing list