[Samba] smbclient fails to connect wuth krb + signing
Michael Wilke
m at 1982.cc
Thu Feb 7 22:53:37 MST 2013
Dear all,
I hope you could assist me in finding a problem with samba and krb
connects when packet signing is activated in a domain.
I have a samba server as a AD 2k3 domain member and the connects are
working well, but when I try to use krb auth to connect to another
Windows server in the network I get an error.
Thanks a lot
---
smbclient -d5 -U micha -k -L //gunter/software
...
session request ok
Doing spnego session setup (blob length=110)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=gunter$@CITY.DOMAIN.ORG
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0]
expiration Fri, 08 Feb 2013 15:16:52 EAT
ads_krb5_mk_req: server marked as OK to delegate to, building
forwardable TGT
smb_signing_check_pdu: BAD SIG: wanted SMB signature of
[0000] 04 4D 28 7D 47 20 46 41 .M(}G FA
smb_signing_check_pdu: BAD SIG: got SMB signature of
[0000] 42 53 52 53 50 59 4C 20 BSRSPYL
smb_signing_good: signing negotiated but not required and peer
isn't sending correct signatures. Turning off.
OS=[Windows Server 2003 R2 3790 Service Pack 2] Server=[Windows Server
2003 R2 5.2]
session setup ok
tconx ok
Server Comment
--------- -------
Workgroup Master
--------- -------
---
If I use standard smbclient connection it works fine:
---
smbclient -d 3 -U micha //gunter/software
...
Client started (version 3.6.3).
Enter micha's password:
Connecting to 10.10.10.8 at port 445
Doing spnego session setup (blob length=110)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=gunter$@CITY.DOMAIN.ORG
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Domain=[DOMAIN] OS=[Windows Server 2003 R2 3790 Service Pack 2]
Server=[Windows Server 2003 R2 5.2]
smb: \>
---
samba version:
smbd --version
Version 3.6.3
smb.conf:
[global]
security = ads
realm = CITY.DOMAIN.ORG
netbios name = RESEARCH-SERVER
password server = 10.10.10.17 # PDC
client use spnego = yes
client use spnego principal = true
client signing = auto
More information about the samba
mailing list