Join XP into s4?

Matthieu Patou mat+Informatique.Samba at
Wed Jul 8 06:56:32 GMT 2009

On 07/08/2009 10:05 AM, Andrew Bartlett wrote:
> On Wed, 2009-07-08 at 07:54 +0200, Volker Lendecke wrote:
>> On Wed, Jul 08, 2009 at 08:50:13AM +1000, Andrew Bartlett wrote:
>>> On Tue, 2009-07-07 at 23:02 +0200, Volker Lendecke wrote:
>>>> Hi!
>>>> While trying to join an XP workstation into a current Samba4
>>>> DC, I'm getting
>>>> NTLM2: created signature over 117 bytes of input:
>>>> BAD SIG NTLM2: wanted signature over 117 bytes of input:
>>>> BAD SIG: got signature over 117 bytes of input:
>>>> NTLMSSP NTLM2 packet check failed due to invalid signature on 117 bytes of input!
>>>> on stdout. This is a merged build smbd4, but running all
>>>> services. From looking at the sniff, to me it looks that an
>>>> encrypted LDAP connection is being terminated by the DC.
>>>> How do I debug this? Sniffs&  any logs certainly available
>>>> on request.
>>> A big assistance would be to try and git bisect to figure out where we
>>> (I, this code is my responsibility) broke it.  Matthias first noticed
>>> what I think is the same bug a little while back, but I didn't look into
>>> the problem properly at the time.
I had the same problem two weeks ago, and I changed the default security 
level of XP in order to make a workstation join the network (I tried 
several times with this workstation). It was very weird to me as a few 
day before this problem I connected another workstation without any 
problem (and I didn't changed the version of samba between two joins).
>> Do you have a pointer where to start the bisect? A year ago?
> I doubt it's that old, but it's possible.  I would try with the previous
> alpha (from Feb), surely some of our users would have seen it if we had
> a failure there.
> I hope it's much more recent than that.  In terms of times that this
> code has changes, it's in the past few days (I made a small change
> there), possibly the time of the Heimdal merge just before the last
> alpha, and the auth merge work I did at SambaXP.
> I'm going to start chasing this down from a correctness approach (ie,
> stare at code and try and see what's wrong).
Just for the reminder my wireshark patch is dissecting NTLM 1 & 2 
version so it might helps.


More information about the samba-technical mailing list