Join XP into s4?
Andrew Bartlett
abartlet at samba.org
Tue Jul 7 22:50:13 GMT 2009
On Tue, 2009-07-07 at 23:02 +0200, Volker Lendecke wrote:
> Hi!
>
> While trying to join an XP workstation into a current Samba4
> DC, I'm getting
>
> NTLM2: created signature over 117 bytes of input:
> BAD SIG NTLM2: wanted signature over 117 bytes of input:
> BAD SIG: got signature over 117 bytes of input:
> NTLMSSP NTLM2 packet check failed due to invalid signature on 117 bytes of input!
>
> on stdout. This is a merged build smbd4, but running all
> services. From looking at the sniff, to me it looks that an
> encrypted LDAP connection is being terminated by the DC.
>
> How do I debug this? Sniffs & any logs certainly available
> on request.
A big assistance would be to try and git bisect to figure out where we
(I, this code is my responsibility) broke it. Matthias first noticed
what I think is the same bug a little while back, but I didn't look into
the problem properly at the time.
https://bugzilla.samba.org/show_bug.cgi?id=6470
It may have gone unnoticed for some time, because if Kerberos works, we
don't take this codepath.
An important step to prevent this in future would be to create more
'expected value' tests for our crypto code, the NTLMSSP stuff in
particular.
Sorry,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090708/d05d1323/attachment.bin
More information about the samba-technical
mailing list