[Samba] Trouble with access to sysvol share using SMB2 or SMB3 protocol on client PC

Rowland Penny rpenny at samba.org
Tue Dec 27 17:40:16 UTC 2016


On Tue, 27 Dec 2016 19:21:34 +0200
Yaroslav Yurta via samba <samba at lists.samba.org> wrote:

> Hi, guys.
> I have an issue with accessing to my sysvol share with smb2 or smb3
> clients. I have an issue with editing my Group Policy from Windows
> 7,8,8.1,10 or Windows Server 2012 clients with RSAT installed and
> everything works fine when I edit group policy from Windows XP
> machine. I disable SMB2 & SMB3 in my Windows server machine and it
> fix the problem, but is it a correct workaround for my problem or
> something going wrong in my Samba DC?
> In logs I see many records like this:
> Dec 27 19:17:14 potter samba[12831]: [2016/12/27 19:17:14.599455,  0,
> pid=12831, effective(0, 0), real(0,
> 0)] ../lib/util/util.c:559(dump_data) Dec 27 19:17:14 potter
> samba[12831]:  [0000] D4 9D DA 0E 91 76 54 45   98 53 02 60 4C 07 DD
> 09   .....vTE .S.`L... Dec 27 19:17:14 potter samba[12831]:
> [2016/12/27 19:17:14.601839,  0, pid=12831, effective(0, 0), real(0,
> 0)] ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> Dec 27 19:17:14 potter samba[12831]:  Bad SMB2 signature for message
> of size 202
> Dec 27 19:17:14 potter samba[12831]: [2016/12/27 19:17:14.601880,  0,
> pid=12831, effective(0, 0), real(0,
> 0)] ../lib/util/util.c:559(dump_data) Dec 27 19:17:14 potter
> samba[12831]:  [0000] A2 9E 95 E2 CE 4B E6 E6   D5 07 F4 72 E6 4C CF
> 98   .....K.. ...r.L.. Dec 27 19:17:14 potter samba[12831]:
> [2016/12/27 19:17:14.601925,  0, pid=12831, effective(0, 0), real(0,
> 0)] ../lib/util/util.c:559(dump_data) Dec 27 19:17:14 potter
> samba[12831]:  [0000] FB 60 13 76 92 88 56 4F   AA 9C 35 4C D5 AB F2
> 1B   .`.v..VO ..5L.... Dec 27 19:17:15 potter samba[12831]:
> [2016/12/27 19:17:15.113853,  0, pid=12831, effective(0, 0), real(0,
> 0)] ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> Dec 27 19:17:15 potter samba[12831]:  Bad SMB2 signature for message
> of size 202
> Dec 27 19:17:15 potter samba[12831]: [2016/12/27 19:17:15.113894,  0,
> pid=12831, effective(0, 0), real(0,
> 0)] ../lib/util/util.c:559(dump_data) Dec 27 19:17:15 potter
> samba[12831]:  [0000] 73 43 48 69 04 3B 67 C1   DF D4 46 E8 F1 E0 52
> C5   sCHi.;g. ..F...R. Dec 27 19:17:15 potter samba[12831]:
> [2016/12/27 19:17:15.113940,  0, pid=12831, effective(0, 0), real(0,
> 0)] ../lib/util/util.c:559(dump_data) Dec 27 19:17:15 potter
> samba[12831]:  [0000] CF C1 F3 45 2A 8E 01 E3   D0 E1 1E 84 EE ED 6D
> B5   ...E*... ......m. Dec 27 19:17:17 potter samba[12831]:
> [2016/12/27 19:17:17.625580,  0, pid=12831, effective(0, 0), real(0,
> 0)] ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> Dec 27 19:17:17 potter samba[12831]:  Bad SMB2 signature for message
> of size 202
> Dec 27 19:17:19 potter samba[12831]: [2016/12/27 19:17:19.638596,  0,
> pid=12831, effective(0, 0), real(0, 0)]
> ../source4/libcli/smb2/signing.c:116(smb2_check_signature)
> Dec 27 19:17:19 potter samba[12831]:  Bad SMB2 signature for message
> of size 312
> 
> permissions on sysvol:
> getfacl sysvol
> 
> # file: sysvol
> 
> 
> # owner: root
> 
> 
> # group: 3000000
> 
> 
> user::rwx
> 
> 
> user:root:rwx
> 
> 
> user:3000000:rwx
> 
> 
> user:3000009:r-x
> 
> 
> user:3000175:r-x
> 
> 
> user:3000176:rwx
> 
> 
> group::rwx
> 
> 
> group:3000000:rwx
> 
> 
> group:3000009:r-x
> 
> 
> group:3000175:r-x
> 
> 
> group:3000176:rwx
> 
> 
> mask::rwx
> 
> 
> other::---
> 
> 
> default:user::rwx
> default:user:root:rwx
> default:user:3000000:rwx
> default:user:3000009:r-x
> default:user:3000175:r-x
> default:user:3000176:rwx
> default:group::---
> default:group:3000000:rwx
> default:group:3000009:r-x
> default:group:3000175:r-x
> default:group:3000176:rwx
> default:mask::rwx
> default:other::---
> 
> My smb.conf:
> # Global parameters
> [global]
>        debug level = 10
>        syslog = 10
>        netbios name = POTTER
>        realm = DEV.COM.UA
>        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate, smb
>        workgroup = DEVCOM
>        server role = active directory domain controller
>        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
> eventlog6, backupkey, dnsserver, winreg, srvsvc
>        idmap_ldb:use rfc2307 = yes
>        kerberos method = system keytab
>        #ldap ssl = off
>        #ldap ssl ads = no
>        ldap server require strong auth = no
>        client ldap sasl wrapping = sign
>        allow dns updates = nonsecure and secure
>        nsupdate command =  /usr/bin/nsupdate -g -d
>        #nsupdate command =  /usr/local/samba/sbin/samba_dnsupdate -d 3
> [netlogon]
>        path = /usr/local/samba/var/locks/sysvol/dev.com.ua/scripts
>        read only = No
>        write ok = Yes
> [sysvol]
>        path = /usr/local/samba/var/locks/sysvol
>        read only = No
>        write ok = Yes
> 
> 

Is there some reason why you have 's3fs' and 'smb' in the 'server
services' line ?

Try removing 'smb' 

Rowland



More information about the samba mailing list