[Samba] signing_good: BAD SIG: seq 1 & SMB Signature verification failed on incoming packet!

Andrew Bartlett abartlet at samba.org
Fri Jan 14 02:44:29 GMT 2005


On Fri, 2005-01-14 at 09:46 +1100, Tyler Retzlaff wrote:
> When winbind is started I get the following log messages:
> 
>  signing_good: BAD SIG: seq 1
>  SMB Signature verification failed on incoming packet!
> 
> After extensive googling the only reference I find is that my kerberos might 
> be too old. (using krb 1.2.4).  Can someone confirm is this a bug in kerberos 
> or a bug in samba.  If the later is there a workaround or do I have to 
> upgrade to new kerberos?

That is the best fix, but I think Samba 3.0.10 (the current security
release) also contains code to handle this (we get a minor detail about
padding a key wrong).  If not, it should be in 3.0.11pre1.

> If an kerberos upgrade is necessary maybe someone knows where I can get a 
> backport of kerberos 1.3 for debian woody?

I always say that you should run krb5 1.3, and I know people have tried,
and upgrading Kerberos always seems to be a dependency nightmare (at
least from the RH experience).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050114/2c24e6ae/attachment.bin


More information about the samba mailing list