[Samba] [Samba-it] samba 4.x: centos 7: Bad SMB2 signature for message

Rowland Penny rowlandpenny241155 at gmail.com
Thu Oct 22 10:16:50 UTC 2015


On 22/10/15 10:53, L.P.H. van Belle wrote:
> No didnt mis that.
> When i see :
>>>> 	realm = s-backup.studio.it
>>>> 	server string = Samba Server Version %v
>>>> 	security = DOMAIN
> Then Im thinking this is a samba 3.6x connected to an AD,
> but i can be wrong but NT4 does not use realm.
>
> ;-)
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>> Verzonden: donderdag 22 oktober 2015 11:42
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] [Samba-it] samba 4.x: centos 7: Bad SMB2 signature
>> for message
>>
>> On 22/10/15 10:17, L.P.H. van Belle wrote:
>>> Try again and add :
>>>
>>>       winbind refresh tickets = yes
>>>       winbind offline logon = yes
>>>
>>> if that does not work, i really suggest you upgrade to samba 4.2+
>>> or set the pc's to use a "lower" SMB prototol.
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dario Lesca
>>>> Verzonden: donderdag 22 oktober 2015 11:03
>>>> Aan: samba at lists.samba.org
>>>> Onderwerp: Re: [Samba] [Samba-it] samba 4.x: centos 7: Bad SMB2
>> signature
>>>> for message
>>>>
>>>> Il giorno ven, 25/09/2015 alle 11.39 +0200, Dario Lesca ha scritto:
>>>>
>>>>> Yesterday, after some day the problem It reappeared
>>>>>
>>>>> Now I try "server signing = mandatory", wait some day and let you
>>>>> know.
>>>> The problem still alive.
>>>>
>>>> Today Win8* cannot access to server, into log I see this message:
>>>>
>>>>> Oct 22 09:27:11 s-backup smbd[32645]: STATUS=daemon 'smbd' finished
>>>> starting up and ready to serve connectionssmb_signing_good: BAD SIG:
>> seq 2
>>>>> Oct 22 09:27:11 s-backup smbd[32645]: [2015/10/22 09:27:11.575613,  0]
>>>> ../source3/smbd/process.c:505(receive_smb_talloc)
>>>>> Oct 22 09:27:11 s-backup smbd[32645]: receive_smb: SMB Signature
>>>> verification failed on incoming packet!
>>>>
>>>> seem a winbind problem, if I restart it, all work fine
>>>>
>>>> Someone have some other suggest?
>>>>
>>>> This is my smb.conf:
>>>>
>>>> Load smb config files from /etc/samba/smb.conf
>>>> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>> (16384)
>>>> Processing section "[homes]"
>>>> Processing section "[backup]"
>>>> Loaded services file OK.
>>>> Server role: ROLE_DOMAIN_MEMBER
>>>> [global]
>>>> 	workgroup = STUDIO
>>>> 	realm = s-backup.studio.it
>>>> 	server string = Samba Server Version %v
>>>> 	security = DOMAIN
>>>> 	passdb backend = tdbsam:/etc/samba/account.tdb
>>>> 	log file = /var/log/samba/log.%m
>>>> 	max log size = 50
>>>> 	server signing = required
>>>> 	load printers = No
>>>> 	printcap name = /dev/null
>>>> 	local master = No
>>>> 	domain master = No
>>>> 	wins server = 192.168.50.1
>>>> 	winbind enum users = Yes
>>>> 	winbind enum groups = Yes
>>>> 	winbind use default domain = Yes
>>>> 	idmap config * : range = 1000000-9999999
>>>> 	idmap config * : backend = rid
>>>> 	printing = bsd
>>>> 	cups options = raw
>>>> 	print command = lpr -r -P'%p' %s
>>>> 	lpq command = lpq -P'%p'
>>>> 	lprm command = lprm -P'%p' %j
>>>> 	store dos attributes = Yes
>>>>
>>>> [homes]
>>>> 	comment = Home Directories
>>>> 	read only = No
>>>> 	browseable = No
>>>>
>>>> [backup]
>>>> 	comment = Cartella con Backup
>>>> 	path = /backup2t/rsnapshot
>>>> 	valid users = @STUDIO\grpbackup
>>>> 	force user = root
>>>> 	force group = root
>>>> 	guest ok = Yes
>>>>
>>>> Many thanks
>>>>
>>>> --
>>>> Dario Lesca
>>>> (inviato dal mio Linux Fedora 22 con Gnome 3.16)
>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>> Louis, I think you missed that the OP is running an NT4-style PDC. :-)
>>
>> I totally agree that he should be making plans to upgrade to AD though,
>> microsoft could turn off support for NT4 at any time, and very probably
>> will.
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>

OOPs, should have gone to spexsavers (for those outside the UK, 
spexsavers is an optician and this is one of their advertising jingos)

In defence, the OPs original post started with:

Hi, in a network with a PDC Linux 3.6.x, I have join to domain a 
Centos7.1 with samba 4.1.12 (last version from official repository).

So, I think the OP needs to clarify the situation.

Rowland



More information about the samba mailing list