[Samba] SMB Signature verification failed on incoming packet!
David Nalley
davidnalley at BryanRamey.com
Tue Mar 1 01:51:11 GMT 2005
I am running Samba 3.0.9/KRB5 1.4 on Centos 3.4 on x86 with security = ADS in a Win2k3 domain. I have successfully used kinit to authenticate, joined the domain, and wbinfo -g/-u/-t return the expected results. However, when I try and access the samba shares from a Win2k3 box, it fails telling me I don't have permissions to access the share. Needless to say I am thoroughly perplexed. I have seen several posts regarding this situation, but no clear direction on solving it. After two days of googling, the list archives, and #samba, I beg the list to put me out of my misery. Below are log and conf files from the appropriate sources. TIA!!!
I find the following in my smbd.log:
[2005/02/28 20:40:07, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/02/28 20:40:07, 0] lib/util_sock.c:get_peer_addr(1000)
getpeername failed. Error was Transport endpoint is not connected
[2005/02/28 20:40:07, 0] lib/util_sock.c:write_socket_data(430)
write_socket_data: write failure. Error = Connection reset by peer
[2005/02/28 20:40:07, 0] lib/util_sock.c:write_socket(455)
write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection reset by peer
[2005/02/28 20:40:07, 0] lib/util_sock.c:send_smb(647)
Error writing 4 bytes to client. -1. (Connection reset by peer)
[2005/02/28 20:40:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username TRW+wopr$ is invalid on this system
[2005/02/28 20:40:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(250)
Username TRW+wopr$ is invalid on this system
#######I also have the following in my winbindd.log:
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'JNALLEY' does not exist
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'jnalley' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'jnalley' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'JNALLEY' does not exist
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 0] libsmb/smb_signing.c:signing_good(240)
signing_good: BAD SIG: seq 1
[2005/02/28 20:40:07, 0] libsmb/clientgen.c:cli_receive_smb(121)
SMB Signature verification failed on incoming packet!
[2005/02/28 20:40:07, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
group Domain Users in domain TRW does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'wopr$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'wopr$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'WOPR$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'wopr$' does not exist
[2005/02/28 20:40:07, 1] nsswitch/winbindd_user.c:winbindd_getpwnam(161)
user 'WOPR$' does not exist
[2005/02/28 20:40:09, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
group Domain Users in domain TRW does not exist
[2005/02/28 20:40:13, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(298)
group Domain Users in domain TRW does not exist
################ smb.conf #########################
[global]
workgroup = TRW
netbios name = JOSHUA
#winbind defs
#this is the separatr for domain/username
winbind separator = +
#idmap uid and idmap gid are aliases for winbind uid and gid
idmap gid = 10000-20000
idmap uid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
#AD STuff
security = ads
encrypt passwords = yes
realm = grnvl.trw.com
password server = wopr.grnvl.trw.com
domain master = no
client use spnego = yes
[bubba]
comment = bubba application data
path = /data/bubba
read only = no
browseable = yes
valid users = @"Domain Users"
##################### krb5.conf ####################
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = GRNVL.TRW.COM
default_tkt_enctypes = des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des-cbc-md5 des-cbc-crc
dns_lookup_realm = yes
dns_lookup_kdc = yes
[realms]
GRNVL.TRW.COM = {
kdc = WOPR.GRNVL.TRW.COM
admin_server = WOPR.GRNVL.TRW.COM
default_domain = GRNVL.TRW.COM
password_server = WOPR.GRNVL.TRW.COM
}
[domain_realm]
.grnvl.trw.com = GRNVL.TRW.COM
grnvl.trw.com = GRNVL.TRW.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
--
This message has been scanned for viruses, spam and
dangerous content by MailScanner, utilizing ClamAV
and SpamAssassin on RedHat Linux (Valhalla) and is
believed to be clean.
More information about the samba
mailing list