[Samba] NTLMSSP NTLM2 packet check failed due to invalid signature

Rowland Penny rpenny at samba.org
Fri Jul 14 18:52:10 UTC 2017


On Fri, 14 Jul 2017 20:24:05 +0200
"Patrik Laszlo (patrikx3) via samba" <samba at lists.samba.org> wrote:

> Ciao!
> 
> How are you?
> I guess things changed. I was in Stretch, now in Buster, always in
> the TESTING repo. But I had a script that deleted caches, everything;
> it worked for months. Now I changed my domain from patrikx3.tk to
> patrikx3.com and it stopped.

How did you change the domain?
Have you reprovisioned?

> I can join the domain if I only use the
> first interface (I need 2 now). But the first error was the error is
> “” instead of “ac.patrikx3.com”, which is cryptic.
> 
> Then, I can use LDAP awesome via my clients and everything, but my
> windows do not understand that I am on the domain, although I can
> login and authenticate, but still I get this error on Samba like: The
> server is not operational.
> 
> The last one is:
> NTLMSSP NTLM2 packet check failed due to invalid signature!
> 
> Do you guys know what it could be? No idea. I tried tons of settings,
> always the same.
> 
> Besides, all was generated by the samba provision tool.

Sorry, but I do not believe that; for one thing, the provision never
adds lines that start with a '#'.

> 
> My samba config:
> [global]
>         netbios name = SERVER
>         realm = AC.PATRIKX3.COM
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
> #       server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = PATRIKX3
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
> #       bind interfaces only=yes
> # for join, use this
> #       interfaces=lo enp1s0 127.0.0.1 192.168.78.20
>         allow insecure wide links = yes
> # need for old samba 3 - like the router
>         unix extensions = no
>         local master = yes
>         preferred master = yes
>         template shell = /bin/bash
>         template homedir = /home/%U
>         log level = 3
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/ac.patrikx3.com/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> [media]
>         path = /media
>         read only = no
>         guest ok = no
>         force group = media
>         writable = yes
> 
> [mounts]
>         path = /mnt
>         read only = no
>         guest ok = no
>         force group = mount
>         writable = yes
> 
> [router-logs]
>         path = /var/log-router
>         read only = yes
>         guest ok = yes
>         writable = no
>         browseable = yes
> #       valid users = router
>         force user = root
>         
> 
> Sent from Mail for Windows 10
> 

I would alter the shares by making them resemble the [netlogon] &
[sysvol] shares and then set the permissions from your Windows 10
machine.

Rowland


