[Samba] ntlmssp_server_postauth: invalid NTLMSSP_MIC on CTDB fileserver (NT-style domain)

Alex Crow acrow at integrafin.co.uk
Thu Sep 22 10:07:46 UTC 2016


Apologies, should have included auth related settings:

max protocol = SMB2
workgroup = FOO
netbios name = LCLUSTER
clustering = yes
security = DOMAIN
interfaces = enp4s0f0
passdb backend = tdbsam
username map = /etc/samba/smbusers
syslog = 0
log file = /var/log/samba/%m
max log size = 102400
log level = 1
name resolve order = wins lmhosts bcast hosts
time server = no
ldap ssl = no
guest account = nobody
map to guest = bad user
require strong key = false
winbind sealed pipes = false
client signing = off
client ldap sasl wrapping = plain



On 22/09/16 10:58, Alex Crow via samba wrote:
> Hi List,
>
> As the subject states, I'm running a CTDB cluster. Samba is Sernet 4.4.5
> in an NT-Style Samba domain (DCs are Centos 6 packaged samba, 3.6.22)
>
> Every so often, users are unable to connect to network shares. Most of
> the problems seem to happen on Windows 7 domain members, but smbclient
> will also fail to connect. I see these lines in the logs for every
> attempted connection:
>
> [2016/09/22 06:08:42.135972,  1] ../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
>   ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[aa3] domain=[FOO_NET] workstation=[VM-FOOBAR]
> [2016/09/22 06:08:42.135995,  1] ../lib/util/util.c:559(dump_data)
>   [0000] F1 27 49 D5 8E 68 FE 25   B7 6E C9 7C 86 F7 D9 21   .'I..h.% .n.|...!
> [2016/09/22 06:08:42.136013,  1] ../lib/util/util.c:559(dump_data)
>   [0000] BA 8D 1F 5E A8 7D 9D 5E   7B 05 4D C4 BD 30 EE 72   ...^.}.^ {.M..0.r
>
> smbclient -L seems only to work as a guest at this point, but testing it
> with an authenticated user fails with the same messages.
>
> The only way to fix this seems to be to restart the CTDB daemon on all
> the servers.
>
> Anyone have any insight into what might be causing this?
>
> Regards,
>
> Alex
>
>
> --
> This message is intended only for the addressee and may contain
> confidential information. Unless you are that person, you may not
> disclose its contents or use it in any way and are requested to delete
> the message along with any attachments and notify us immediately.
> This email is not intended to, nor should it be taken to, constitute advice.
> The information provided is correct to our knowledge & belief and must not
> be used as a substitute for obtaining tax, regulatory, investment, legal or
> any other appropriate advice.
>
> "Transact" is operated by Integrated Financial Arrangements Ltd.
> 29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608 5300.
> (Registered office: as above; Registered in England and Wales under
> number: 3727592). Authorised and regulated by the Financial Conduct
> Authority (entered on the Financial Services Register; no. 190856).
>

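
For triaging the intermittent failures described above, the following added example (not part of the original post, and not Samba project code) tallies the "invalid NTLMSSP_MIC" records by hour and by client. The sample log is constructed in the format quoted in the post; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post (header line, then
# indented message lines); names and bytes are illustrative, not real data.
SAMPLE_LOG = """\
[2016/09/22 06:08:42.135972,  1] ../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[aa3] domain=[FOO_NET] workstation=[VM-FOOBAR]
[2016/09/22 06:08:42.135995,  1] ../lib/util/util.c:559(dump_data)
  [0000] 00 11 22 33 44 55 66 77   88 99 AA BB CC DD EE FF   ........ ........
[2016/09/22 06:09:10.000100,  1] ../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[bb7]
 domain=[FOO_NET] workstation=[VM-EXAMPLE]
[2016/09/22 07:15:03.500000,  1] ../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[aa3] domain=[FOO_NET] workstation=[VM-FOOBAR]
"""

# Record header: "[date time.usec,  level] source.c:line(function)"
HEADER = re.compile(r"^\[(\d{4}/\d{2}/\d{2} \d{2}):\d{2}:\d{2}\.\d+,\s*\d+\] \S+\((\w+)\)")
MIC = re.compile(r"invalid NTLMSSP_MIC for user=\[([^\]]*)\]\s+"
                 r"domain=\[([^\]]*)\]\s+workstation=\[([^\]]*)\]")

def mic_failures(log_text):
    """Return (hour, user, domain, workstation) for every invalid-MIC record."""
    records = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:                      # a new record starts at each header line
            records.append((m.group(1), m.group(2), []))
        elif records:              # continuation (possibly wrapped) message text
            records[-1][2].append(line.strip())
    hits = []
    for hour, func, body in records:
        m = MIC.search(" ".join(body)) if func == "ntlmssp_server_postauth" else None
        if m:
            hits.append((hour, *m.groups()))
    return hits

def failures_per_hour(log_text):
    """Count failures per hour, to line up against CTDB events on each node."""
    return Counter(hit[0] for hit in mic_failures(log_text))

def failures_per_client(log_text):
    """Count failures per (user, workstation) to see how widespread they are."""
    return Counter((hit[1], hit[3]) for hit in mic_failures(log_text))

if __name__ == "__main__":
    print(failures_per_hour(SAMPLE_LOG))
    print(failures_per_client(SAMPLE_LOG))
```

With the "log file = /var/log/samba/%m" setting shown in the post, each client machine has its own log file, so the functions would be run over each file on each cluster node.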


