[Samba] SMB Signature verification failed when establish trust with
win2003 domain
Lin Li
linl at xandros.com
Thu Apr 5 19:21:23 GMT 2007
I have a samba PDC (using samba 3.0.24). When I try to establish trust
with a win2003 domain, I got signing error, see the log below. Trust
with NT domain and win2000 domain works. Any help are appreciated.
Thanks,
Lin
[2007/04/04 17:00:13, 5] lib/debug.c:debug_dump_status(391)
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
[2007/04/04 17:00:13, 3] param/loadparm.c:lp_load(4953)
lp_load: refreshing parameters
[2007/04/04 17:00:13, 3] param/loadparm.c:init_globals(1418)
Initialising global parameters
[2007/04/04 17:00:13, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2007/04/04 17:00:13, 3] param/loadparm.c:do_section(3695)
Processing section "[global]"
doing parameter admin users = XANSMB+administrator @XANSMB+admins
doing parameter add machine script = /opt/xandros/bin/dvaddcomputer %u
doing parameter client use spnego = no
doing parameter display charset = UTF8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16LE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS-2BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS-2BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-16BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-16BE
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UTF-8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UTF-8
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ASCII
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ASCII
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset 646
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset 646
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset ISO-8859-1
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset ISO-8859-1
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(105)
Attempting to register new charset UCS2-HEX
[2007/04/04 17:00:13, 5] lib/iconv.c:smb_register_charset(113)
Registered charset UCS2-HEX
doing parameter dns proxy = no
doing parameter domain logons = yes
doing parameter domain master = yes
doing parameter dos filetimes = yes
doing parameter encrypt passwords = yes
doing parameter idmap gid = 10000-20000
doing parameter idmap uid = 10000-20000
doing parameter invalid users = root
doing parameter ldap admin dn = "cn=admin,dc=xpassdb,dc=xsmb"
doing parameter ldap delete dn = yes
doing parameter ldap group suffix = ou=Groups
doing parameter ldap machine suffix = ou=Computers
doing parameter ldap suffix = dc=xpassdb,dc=xsmb
doing parameter ldap user suffix = ou=People
doing parameter load printers = no
doing parameter local master = yes
doing parameter log file = /var/log/samba/log.%m
doing parameter logon drive = Z:
doing parameter logon home = \\%N\%U
doing parameter logon path = \\%N\profiles\%U
doing parameter map to guest = Bad User
doing parameter max log size = 1000
doing parameter name resolve order = lmhosts host wins bcast
doing parameter obey pam restrictions = yes
doing parameter os level = 65
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter passdb backend = ldapsam:ldap://127.0.0.1:4389
doing parameter passwd chat = *Enter\snew\spassword:* %n\n .
doing parameter passwd program = /opt/xandros/bin/gumpasswdsync %u
doing parameter password server = *
doing parameter preferred master = yes
doing parameter printcap name = cups
doing parameter printing = cups
doing parameter security = USER
doing parameter server string = %h (Xandros Server)
doing parameter socket options = TCP_NODELAY
doing parameter syslog = 0
doing parameter template shell = /bin/bash
doing parameter unix charset = UTF8
doing parameter unix password sync = yes
doing parameter winbind enum groups = no
doing parameter winbind enum users = no
doing parameter winbind separator = +
doing parameter wins server = 172.18.0.2
doing parameter workgroup = XANSMB
[2007/04/04 17:00:13, 4] param/loadparm.c:lp_load(4984)
pm_process() returned Yes
[2007/04/04 17:00:13, 7] param/loadparm.c:lp_servicenumber(5120)
lp_servicenumber: couldn't find homes
[2007/04/04 17:00:13, 10] param/loadparm.c:set_server_role(4229)
set_server_role: role = ROLE_DOMAIN_PDC
[2007/04/04 17:00:13, 5] lib/util.c:init_names(286)
Netbios name list:-
my_netbios_names[0]="XSERVER"
[2007/04/04 17:00:13, 2] lib/interface.c:add_interface(81)
added interface ip=172.18.0.6 bcast=172.18.255.255 nmask=255.255.0.0
[2007/04/04 17:00:13, 10] libsmb/namequery.c:internal_resolve_name(1132)
internal_resolve_name: looking up XANQANET1#1b
[2007/04/04 17:00:13, 5] lib/gencache.c:gencache_init(61)
Opening cache file at /var/run/samba/gencache.tdb
[2007/04/04 17:00:13, 10] lib/gencache.c:gencache_get(304)
Returning valid cache entry: key = NBT/XANQANET1#1B, value =
172.18.0.3:0, timeout = Wed Apr 4 17:05:50 2007
[2007/04/04 17:00:13, 5] libsmb/namecache.c:namecache_fetch(216)
name XANQANET1#1B found.
[2007/04/04 17:00:13, 10] libsmb/namequery.c:name_status_find(276)
name_status_find: looking up XANQANET1#1b at 172.18.0.3
[2007/04/04 17:00:13, 10] lib/gencache.c:gencache_get(304)
Returning valid cache entry: key = NBT/XANQANET1#1B.20.172.18.0.3,
value = MASTER1, timeout = Wed Apr 4 17:05:50 2007
[2007/04/04 17:00:13, 5] libsmb/namecache.c:namecache_status_fetch(324)
namecache_status_fetch: key NBT/XANQANET1#1B.20.172.18.0.3 -> MASTER1
[2007/04/04 17:00:16, 3] libsmb/cliconnect.c:cli_start_connection(1426)
Connecting to host=MASTER1
[2007/04/04 17:00:16, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 172.18.0.3 at port 445
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_KEEPALIVE = 0
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_REUSEADDR = 0
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_BROADCAST = 0
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_NODELAY = 1
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_KEEPCNT = 9
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_KEEPIDLE = 7200
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option TCP_KEEPINTVL = 75
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option IPTOS_LOWDELAY = 0
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option IPTOS_THROUGHPUT = 0
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_SNDBUF = 16384
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_RCVBUF = 87380
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_SNDLOWAT = 1
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_RCVLOWAT = 1
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_SNDTIMEO = 0
[2007/04/04 17:00:16, 5] lib/util_sock.c:print_socket_options(206)
socket option SO_RCVTIMEO = 0
[2007/04/04 17:00:16, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,183)
[2007/04/04 17:00:16, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,183) wrote 183
[2007/04/04 17:00:16, 10]
lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 113
[2007/04/04 17:00:16, 5] lib/util.c:show_msg(485)
[2007/04/04 17:00:16, 5] lib/util.c:show_msg(495)
size=113
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=22054
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 499 (0x1F3)
smb_vwv[11]=64512 (0xFC00)
smb_vwv[12]=21932 (0x55AC)
smb_vwv[13]=64563 (0xFC33)
smb_vwv[14]=51062 (0xC776)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]= 2048 (0x800)
smb_bcc=44
[2007/04/04 17:00:16, 10] lib/util.c:dump_data(2222)
[000] 08 EE 0C 53 93 AD 3B 1D 58 00 41 00 4E 00 51 00 ...S..;. X.A.N.Q.
[010] 41 00 4E 00 45 00 54 00 31 00 00 00 4D 00 41 00 A.N.E.T. 1...M.A.
[020] 53 00 54 00 45 00 52 00 31 00 00 00 S.T.E.R. 1...
[2007/04/04 17:00:16, 5] lib/util.c:show_msg(485)
[2007/04/04 17:00:16, 5] lib/util.c:show_msg(495)
size=113
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=0
smb_pid=22054
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]= 8 (0x8)
smb_vwv[ 1]=12815 (0x320F)
smb_vwv[ 2]= 256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]= 17 (0x11)
smb_vwv[ 5]= 0 (0x0)
smb_vwv[ 6]= 256 (0x100)
smb_vwv[ 7]= 0 (0x0)
smb_vwv[ 8]= 0 (0x0)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]= 499 (0x1F3)
smb_vwv[11]=64512 (0xFC00)
smb_vwv[12]=21932 (0x55AC)
smb_vwv[13]=64563 (0xFC33)
smb_vwv[14]=51062 (0xC776)
smb_vwv[15]=61441 (0xF001)
smb_vwv[16]= 2048 (0x800)
smb_bcc=44
[2007/04/04 17:00:16, 10] lib/util.c:dump_data(2222)
[000] 08 EE 0C 53 93 AD 3B 1D 58 00 41 00 4E 00 51 00 ...S..;. X.A.N.Q.
[010] 41 00 4E 00 45 00 54 00 31 00 00 00 4D 00 41 00 A.N.E.T. 1...M.A.
[020] 53 00 54 00 45 00 52 00 31 00 00 00 S.T.E.R. 1...
[2007/04/04 17:00:16, 5]
libsmb/smb_signing.c:set_smb_signing_real_common(141)
Mandatory SMB signing enabled!
[2007/04/04 17:00:16, 5]
libsmb/smb_signing.c:set_smb_signing_real_common(145)
SMB signing enabled!
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:cli_simple_set_signing(487)
cli_simple_set_signing: user_session_key
[2007/04/04 17:00:16, 10] lib/util.c:dump_data(2222)
[000] 93 81 E6 97 AB C0 DB 8D 46 1F 6E BA 64 EA 86 C4 ........ F.n.d...
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:cli_simple_set_signing(492)
cli_simple_set_signing: response_data
[2007/04/04 17:00:16, 10] lib/util.c:dump_data(2222)
[000] 83 DF D1 94 32 64 EF 3D 6D A3 34 B3 F5 25 EB A9 ....2d.= m.4..%..
[010] 94 16 E3 35 CD AD 98 01 ...5....
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 0
[2007/04/04 17:00:16, 10]
libsmb/smb_signing.c:client_sign_outgoing_message(348)
client_sign_outgoing_message: sent SMB signature of
[2007/04/04 17:00:16, 10] lib/util.c:dump_data(2222)
[000] E9 6F CB EA A4 15 B6 91 .o......
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:store_sequence_for_reply(68)
store_sequence_for_reply: stored seq = 1 mid = 2
[2007/04/04 17:00:16, 6] libsmb/clientgen.c:write_socket(132)
write_socket(4,172)
[2007/04/04 17:00:16, 6] libsmb/clientgen.c:write_socket(135)
write_socket(4,172) wrote 172
[2007/04/04 17:00:16, 10]
lib/util_sock.c:read_smb_length_return_keepalive(623)
got smb length of 35
[2007/04/04 17:00:16, 5] lib/util.c:show_msg(485)
[2007/04/04 17:00:16, 5] lib/util.c:show_msg(495)
size=35
smb_com=0x73
smb_rcls=152
smb_reh=1
smb_err=49152
smb_flg=136
smb_flg2=49157
smb_tid=0
smb_pid=22054
smb_uid=0
smb_mid=2
smt_wct=0
smb_bcc=0
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:get_sequence_for_reply(81)
get_sequence_for_reply: found seq = 1 mid = 2
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 1
[2007/04/04 17:00:16, 5]
libsmb/smb_signing.c:client_check_incoming_message(408)
client_check_incoming_message: BAD SIG: wanted SMB signature of
[2007/04/04 17:00:16, 5] lib/util.c:dump_data(2222)
[000] B5 BD 56 F1 94 91 FD DC
[2007/04/04 17:00:16, 5]
libsmb/smb_signing.c:client_check_incoming_message(411)
client_check_incoming_message: BAD SIG: got SMB signature of
[2007/04/04 17:00:16, 5] lib/util.c:dump_data(2222)
[000] E9 6F CB EA A4 15 B6 91 .o......
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 4294967292
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 4294967293
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 4294967294
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 4294967295
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 0
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 1
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 2
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 3
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 4
[2007/04/04 17:00:16, 10] libsmb/smb_signing.c:simple_packet_signature(283)
simple_packet_signature: sequence number 5
[2007/04/04 17:00:16, 0] libsmb/smb_signing.c:signing_good(253)
signing_good: BAD SIG: seq 1
[2007/04/04 17:00:16, 0] libsmb/clientgen.c:cli_receive_smb(119)
SMB Signature verification failed on incoming packet!
[2007/04/04 17:00:16, 3] libsmb/cliconnect.c:cli_session_setup(893)
cli_session_setup: NT1 session setup failed!
[2007/04/04 17:00:16, 1] libsmb/cliconnect.c:cli_full_connection(1523)
failed session setup with NT_STATUS_INVALID_PARAMETER
[2007/04/04 17:00:16, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/share/samba/en_US.msg: No such file or directory
Could not connect to server MASTER1
[2007/04/04 17:00:16, 0] utils/net_rpc.c:rpc_trustdom_establish(5640)
Couldn't verify trusting domain account. Error was
NT_STATUS_INVALID_PARAMETER
[2007/04/04 17:00:16, 2] utils/net.c:main(988)
return code = -1
More information about the samba
mailing list