Intermittant SMB packet signing with NTLM errors

Dave Daugherty dave.daugherty at
Mon Feb 1 13:25:10 MST 2010

Windows XP and Windows Vista


Samba 3.3.9 with Centrify modifications (nothing near the low level
packet signing code though).


We have a customer where sometimes SMB packet signing using NTLM fails,
but sometimes it succeeds.


The network trace shows the NTLM authentication succeeding and sending
back the SessionSetupAndX response signed (which the client seems happy


The next exchange is a TreeConnect which is signed by the client.  Samba
cannot work out the signature so it disables signing, sending a
0000000000000000 signature back to the client in the TreeConnect
response.  The client does not like this and breaks the connection.


The customer was using 3.0.33 (with Centrify modifications) where there
was no reported problem.


Am I overlooking something obvious?


Why not keep signing the SMB messages that are being sent back the
client rather than attempting to completely disable the signing?


More information about the samba-technical mailing list