[Samba] S4 AD Domain Up; but lots of NTLMSSP NTLM2 errors
Andrew Bartlett
abartlet at samba.org
Mon Dec 17 13:57:53 MST 2012
On Mon, 2012-12-17 at 09:35 -0500, Adam Tauno Williams wrote:
> samba-4.0.0 x86_64, CentOS6.3
>
> My Samba4 / AD is up and running after migrating this weekend. Testing
> looked good and the domain *is working* but there are some issues.
>
> My log.samba file is full of the following; I'm not certain of the
> significance of these.
>
> [2012/12/17 05:59:09,
> 0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
> NTLMSSP NTLM2 packet check failed due to invalid signature!
> [2012/12/17 06:35:30,
Any idea what client is giving these?
I thought we managed to silence these a while back - there was a case
where this was happening on LDAP.
> Failed to modify SPNs on CN=pc02541,OU=Industries
> Workstations,DC=micore,DC=us: error in module acl: Constraint violation
> (19)
> [2012/12/17 09:24:47,
> 0] ../source4/rpc_server/drsuapi/writespn.c:237(dcesrv_drsuapi_DsWriteAccountSpn)
> Failed to modify SPNs on CN=chrisxpprovm,OU=Industries
> Workstations,DC=micore,DC=us: error in module acl: Constraint violation
> (19)
These are different to the above, and it is a known issue. We have a
set of patches, but they need much more work before we can fix that. It
happens when the client is trying to change only the case of the
servicePrincipalName over DRS.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba
mailing list