[Samba] Signing problem with trusted domain in 3.2.0

Mon Aug 18 12:13:16 GMT 2008

Hello

I seem to be having signing problems with 3.2.0

I have 2 PDCs on 2 different sites (say A and B) both running 3.2.0, with
the line server signing = auto in smb.conf. There is a one way trust (B
trusting A) setup.

While everything works correctly on both sites for local machines access
to local shares (a site A user logged on a site A machine can perfectly
access shares of site A PDC). The problem appears when one user logged on
site A tries to access share on site B PDC, or a user of site A tries to
log on site A domain from a site B machine. This problem disappears if
server signing is set to No in smb.conf. I could make a level 10 log of
smbd process while the problem appears, and could isolate the following
lines :

[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2008/08/15 12:24:29,  0]
libsmb/smb_signing.c:srv_check_incoming_message(754)
  srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 52 70 FA 2C 55 E1 28 A4                           Rp.,U.(.
[2008/08/15 12:24:29,  0]
libsmb/smb_signing.c:srv_check_incoming_message(758)
  srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of
[2008/08/15 12:24:29,  5] lib/util.c:dump_data(2226)
  [000] 8E 53 67 0F 36 6B FC DB                           .Sg.6k..

and then smbd seems to turn off signing :

[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967293
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967294
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4294967295
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 0
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 1
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 2
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 3
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 4
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 5
[2008/08/15 12:24:29, 10] libsmb/smb_signing.c:simple_packet_signature(285)
  simple_packet_signature: sequence number 6
[2008/08/15 12:24:29,  5] libsmb/smb_signing.c:signing_good(243)
  srv_check_incoming_message: signing negotiated but not required and peer
  isn't sending correct signatures. Turning off.

And at some point, the connexion is terminated (and windows pops up some
error message saying the server is no more available):

[2008/08/15 12:24:29, 10] lib/util.c:dump_data(2226)
  [000] 49 50 43 00 00 00 00                              IPC....
[2008/08/15 12:24:29,  5] lib/util_sock.c:read_socket_with_timeout(928)
  read_socket_with_timeout: blocking read. EOF from client.
[2008/08/15 12:24:29, 10] smbd/process.c:receive_smb_raw_talloc(276)
  receive_smb_raw: NT_STATUS_END_OF_FILE
[2008/08/15 12:24:29,  3] smbd/process.c:smbd_process(2027)
  receive_message_or_smb failed: NT_STATUS_END_OF_FILE, exiting
[2008/08/15 12:24:29,  5] lib/gencache.c:gencache_shutdown(93)
  Closing cache file

The complete log is available at http://www.thom.fr.eu.org/log.smbd

Anybody gone through similar problem ?

Thanks

François

-- 