[Samba] NTLMSSP NTLM2 packet check failed due to invalidsignature

Patrik Laszlo (patrikx3) alabard at gmail.com
Fri Jul 14 19:00:27 UTC 2017 

>How did you change the domain ?
>Have you reprovisioned ?

Actually, I deleted everything with apt purge, deleted all files, reinstall SAMBA, then I joined with Windows 10 Enterprise (I had to disable to use only 1 interface instead both), but it started “” instead of “ac.patrikx3.com”.

Yes, I had added a few, but it was all working before, same settings, no changes, besides I can auth, just the Domain is weird.
How come it says in Firewall Private instead Domain?
Something is weird. No idea what to do. 
Disable the 2nd interface, reinstall everything and join again maybe like that?

The shares are OK by it’s own automatic:



The domain is weird:


It was
patrikx3
ac.patrikx3.tk

I was expecting 
patrikx3
ac.patrikx3.com

Now it is patrikx3 2 ☹

> I can join to the domain if only use the
> first interface (I need 2 now). But the first error was the error is
> “” instead of “ac.patrikx3.com”, which is cryptic.
> 
> Then, I can use LDAP awesome via my clients and everything, but my
> windows do not understand that I am on the domain, although I can
> login and authenticate, but still I get this error on Samba like: The
> server is not operational.
> 
> The last one is:
> NTLMSSP NTLM2 packet check failed due to invalid signature!
> 
> Do you guys what it could be? No idea. I tried tons of settings,
> always the same.
> 
> Besides, all was generated by the samba provision tool.

Sorry, but I do not believe that, for one thing, the provision never
adds lines that start with a '#'

> 
> My samba config:
> [global]
>         netbios name = SERVER
>         realm = AC.PATRIKX3.COM
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc #       server services = s3fs, rpc,
> nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc,
> dnsupdate workgroup = PATRIKX3 server role = active directory domain
> controller idmap_ldb:use rfc2307 = yes
> #       bind interfaces only=yes
> # for join, use this
> #       interfaces=lo enp1s0 127.0.0.1 192.168.78.20
>         allow insecure wide links = yes
> # need for old samba 3 - like the router
>         unix extensions = no
>         local master = yes
>         preferred master = yes
>         template shell = /bin/bash
>         template homedir = /home/%U
>         log level = 3
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/ac.patrikx3.com/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> [media]
>         path = /media
>         read only = no
>         guest ok = no
>         force group = media
>         writable = yes
> 
> [mounts]
>         path = /mnt
>         read only = no
>         guest ok = no
>         force group = mount
>         writable = yes
> 
> [router-logs]
>         path = /var/log-router
>         read only = yes
>         guest ok = yes
>         writable = no
>         browseable = yes
> #       valid users = router
>         force user = root
>         
> 
> Sent from Mail for Windows 10
> 

I would alter the shares by making them resemble the [netlogon &
[sysvol] shares and then set the permissions from your Windows 10
machine.

Rowland

More information about the samba mailing list