[Samba] NTLMSSP NTLM2 packet check failed due to invalid signature
Rowland Penny
rpenny at samba.org
Fri Jul 14 18:52:10 UTC 2017
On Fri, 14 Jul 2017 20:24:05 +0200
"Patrik Laszlo \(patrikx3\) via samba" <samba at lists.samba.org> wrote:
> Ciao!
>
> How are you?
> I guess, things changed. I was in Stretch, now in Buster, always in
> TESTING repo. But, I had a script, that deleted caches, everything,
> it worked for months. Now I changed my domain from patrikx3.tk to
> patrikx3.com and stopped.
How did you change the domain ?
Have you reprovisioned ?
> I can join to the domain if only use the
> first interface (I need 2 now). But the first error was the error is
> “” instead of “ac.patrikx3.com”, which is cryptic.
>
> Then, I can use LDAP awesome via my clients and everything, but my
> windows do not understand that I am on the domain, although I can
> login and authenticate, but still I get this error on Samba like: The
> server is not operational.
>
> The last one is:
> NTLMSSP NTLM2 packet check failed due to invalid signature!
>
> Do you guys what it could be? No idea. I tried tons of settings,
> always the same.
>
> Besides, all was generated by the samba provision tool.
Sorry, but I do not believe that, for one thing, the provision never
adds lines that start with a '#'
>
> My samba config:
> [global]
> netbios name = SERVER
> realm = AC.PATRIKX3.COM
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc # server services = s3fs, rpc,
> nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc,
> dnsupdate workgroup = PATRIKX3 server role = active directory domain
> controller idmap_ldb:use rfc2307 = yes
> # bind interfaces only=yes
> # for join, use this
> # interfaces=lo enp1s0 127.0.0.1 192.168.78.20
> allow insecure wide links = yes
> # need for old samba 3 - like the router
> unix extensions = no
> local master = yes
> preferred master = yes
> template shell = /bin/bash
> template homedir = /home/%U
> log level = 3
>
> [netlogon]
> path = /var/lib/samba/sysvol/ac.patrikx3.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [media]
> path = /media
> read only = no
> guest ok = no
> force group = media
> writable = yes
>
> [mounts]
> path = /mnt
> read only = no
> guest ok = no
> force group = mount
> writable = yes
>
> [router-logs]
> path = /var/log-router
> read only = yes
> guest ok = yes
> writable = no
> browseable = yes
> # valid users = router
> force user = root
>
>
> Sent from Mail for Windows 10
>
I would alter the shares by making them resemble the [netlogon &
[sysvol] shares and then set the permissions from your Windows 10
machine.
Rowland
More information about the samba
mailing list