[Samba] Unable to contact active directory or verify claim types

Rowland Penny rpenny at samba.org
Wed Jul 25 07:37:14 UTC 2018 

On Tue, 24 Jul 2018 22:59:42 -0400
Gaeseric Vandal via samba <samba at lists.samba.org> wrote:

> I set "server min protocol = SMB2" and "server max protocol = SMB2" .
> 
> 
> Which then resulted in the Win 2012 R2 server being unable to access
> the Samba server as \\weirdserver <file://weirdserver> .  But I can
> access via \\weirdserver.mydomain.com
> <file://weirdserver.mydomain.com>  or \\ipaddres <file://ipaddres> .
> 
>  
> 
>  
> 
> Logs on samba server for that client shows "bad SMB2 signing."
> 
>  
> 
>  
> 
> [2018/07/24 22:34:19.865792,  3]
> ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
> 
>   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_ACCESS_DENIED] ||
> at ../source3/smbd/smb2_server.c:2447
> 
> [2018/07/24 22:34:19.867152,
> 3] ../lib/util/access.c:365(allow_access)
> 
>   Allowed connection from 192.168.x.x. (192.168.x.x)
> 
> [2018/07/24 22:34:19.867325,  3]
> ../source3/smbd/service.c:595(make_connection_snum)
> 
>   Connect path is 'xxxxfor service [users]
> 
> [2018/07/24 22:34:19.867420,
> 3] ../source3/smbd/vfs.c:113(vfs_init_default)
> 
>   Initialising default vfs hooks
> 
> [2018/07/24 22:34:19.867502,
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
> 
>   Initialising custom vfs hooks from [/[Default VFS]/]
> 
> [2018/07/24 22:34:19.867556,
> 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
> 
>   Initialising custom vfs hooks from [zfsacl]
> 
> [2018/07/24 22:34:19.867918,  2]
> ../source3/smbd/service.c:841(make_connection_snum)
> 
>   192.168.3.225 (ipv4:192.168.3.225:60275) connect to service users
> initially as user MYDOMAIN\someuser (uid=xxxx, gid=xxx) (pid 6264)
> 
> [2018/07/24 22:34:19.868642,  0]
> ../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
> 
>   Bad SMB2 signature for message
> 
> [2018/07/24 22:34:19.868723,  0] ../lib/util/util.c:515(dump_data)
> 
>   [0000] F7 44 6E EC BE 8F A2 B3   5F 45 D0 82 44 7E 3C D1   -Dn-.--
> _E-.D~<-
> 
> [2018/07/24 22:34:19.868795,  0] ../lib/util/util.c:515(dump_data)
> 
>   [0000] 67 29 61 2A 76 DD D8 8E   91 9C 03 D2 E6 A2 51 0F   g)a*v--.
> ...--Q.
> 
> [2018/07/24 22:34:19.868862,  3]
> ../source3/smbd/smb2_server.c:3139(smbd_smb2_request_error_ex)
> 
>   smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
> status[NT_STATUS_ACCESS_DENIED] ||
> at ../source3/smbd/smb2_server.c:2447
>
> Reenableing "server max protocol = SMB3" didn't help - tho I presume
> this is because the Win 2012 R2 server didn't try to connect with
> SMB3.  I would probably have to reboot but that isn't an option at
> the moment.
> 
> Appreciate any feedback.

You seem to told us everything except the vital thing, what is in your
smb.conf ?

Rowland

More information about the samba mailing list