[Samba] Bad SMB2 signature on Samba 4

Rowland Penny rpenny at samba.org
Tue Aug 1 13:47:22 UTC 2017


On Tue, 1 Aug 2017 09:16:49 -0300
Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:

> Hi
> 
> I'm using Samba 4.6.5 on Debian 8.
> 
> Recently, in samba Service appears problems with SMB2 SIGNATURE as the
> message below:
> 
> root at dc2:/home/suporte# /etc/init.d/samba4 status
> samba4.service - LSB: start Samba4 daemons
>    Loaded: loaded (/etc/init.d/samba4)
>    Active: active (exited) since Seg 2017-07-31 17:14:07 -03; 15h ago
>   Process: 443 ExecStart=/etc/init.d/samba4 start (code=exited,
> status=0/SUCCESS)

For some reason Samba has shut down.

> Follow my smb.conf file:
> 
> 
> # Global parameters
> [global]
>  workgroup = EMPRESA
>  realm = EMPRESA.COM.BR
>  netbios name = DC2
>  server role = active directory domain controller
>  dns forwarder = 192.168.0.88,192.168.0.89
>  idmap_ldb:use rfc2307 = yes
>  ldap server require strong auth = no
>  idmap config EMPRESA : unix_nss_info = yes
>  winbind trusted domains only = no
>  winbind use default domain = yes
>  winbind enum users = yes
>  winbind enum groups = yes
>  winbind refresh tickets = yes
> 

You should remove the following lines:

idmap config EMPRESA : unix_nss_info = yes
 winbind trusted domains only = no
 winbind use default domain = yes
 winbind enum users = yes
 winbind enum groups = yes
 winbind refresh tickets = yes

They either shouldn't be in a DC smb.conf, don't work on a DC or
shouldn't be used in production.

If removing the lines doesn't fix the problem, have a look in the Samba
logs, if still nothing, raise the Samba log level.

Rowland




More information about the samba mailing list