[Samba] CentOS 3.4 + Samba 3.0.9-1.3E.2, winbind problems

John H Terpstra jht at Samba.Org
Mon May 23 20:23:51 GMT 2005 

On Monday 23 May 2005 14:03, Sean Kennedy wrote:
> >>I don't know if it helps, but when I run winbindd -i -d3 and I do
> >>`wbinfo -t`, this is the feedback I get from winbind:
> >
> >DC-1 is refusing the connection. The security settings on it need to be
> > opened up.
> >
> >- John T.
>
> Hi John,
>
> I'm sorry John, I'm not seeing the setting you are referring to.  Would
> this setting affect one machine while 2 others are able to communicate
> fine?
>
> After reading through my output, this almost sounds like a signing error
> on the communications, which leads me to suspect that samba/kerberos
> doesn't have the require encryption somewhere along the way.  The reason
> I think that is because I see stuff like this in my logs:
> client_check_incoming_message: BAD SIG: wanted SMB signature of
> [000] 65 83 B8 05 F9 ED C7 08                           e.......
> client_check_incoming_message: BAD SIG: got SMB signature of
> [000] DA 3C 6A 63 E5 B9 1F 82                           .<jc....
>
>
> And then, further down, this:
>
> srv_check_incoming_message: signing negotiated but not required and peer
> isn't sending correct signatures. Turning off.
>
>
> Could this be caused by what you were mentioning earlier?  I'm looking
> under the GP/Window Settings/Security Settings/Local Policies/Security
> Options and User Rights.  Is that the right place to find what you are
> referring to?

Use the Administrator tools. I do not have access to my ADS server right now, 
so am going from memory. There is a tool called "Active Directory Security" 
or something similar. Suggest you check what are the policy settings 
regarding external access.

I may be off beam, but it looks like the ADS server is refusing access for the 
TCON_X call. That may be due to the Samba client not being able to support 
the encryption type, but could also be caused by policies in effect that do 
no permit access.

Later today I may be able to access my ADS server. At that time I will check 
what the admin tool is called.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

More information about the samba mailing list