[Samba] Bad SMB2 (sign_algo_id=1) signature for message?

Michael Tokarev mjt at tls.msk.ru
Wed Feb 8 09:34:37 UTC 2023


08.02.2023 05:07, Jeremy Allison wrote:
> On Wed, Feb 08, 2023 at 01:54:20AM +0300, Michael Tokarev via samba wrote:
>> Another message appeared in the log after 4.13=>4.17 upgrade:
>>
>> [2023/02/07 23:21:58.677059,  0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
>>  Bad SMB2 (sign_algo_id=1) signature for message
>> [2023/02/07 23:21:58.677184,  0] ../../lib/util/util.c:571(dump_data)
>>  [0000] B9 83 A8 8D A6 D4 8D A3   6A 8E 51 28 C0 91 20 9D   ........ j.Q(.. .
>> [2023/02/07 23:21:58.677264,  0] ../../lib/util/util.c:571(dump_data)
>>  [0000] 4E DF F2 77 95 E4 BE B8   59 AB 44 91 A4 82 0B 2B   N..w.... Y.D....+
...
> Which client are they coming from ?

This is Windows 2012 R2 Server with terminal services running, with no additional
system software running.  There are several of them, behaving the same way.

The fun thing is that some connections from a single server are using SMB3 (SMB3_02),
but at the same time, other connections are using SMB2_10. And it looks like those
SMB2 connections are causing the above messages to be logged by samba.  Not all of
them though.

Unfortunately debugging there is somewhat difficult, because there are 200+ active
connections coming from the same server.

/mjt
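
An added example, not part of the original message and not Samba's own code: a parser for log entries in the format quoted above that pairs each bad-signature entry with the two 16-byte dumps that follow it and counts events per minute, which helps when one host holds hundreds of connections. The function names are hypothetical, the ID-to-name table follows the signing algorithm IDs in MS-SMB2 and is assumed to match Samba's `sign_algo_id`, and the last sample entry is constructed.

```python
import re
from collections import Counter

# Signing algorithm IDs from MS-SMB2; assumed to match Samba's sign_algo_id.
SIGN_ALGOS = {0: "HMAC-SHA256", 1: "AES-128-CMAC", 2: "AES-128-GMAC"}
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\.\d+,\s+\d+\]\s+\S+:\d+\((\w+)\)")
BAD_SIG = re.compile(r"Bad SMB2 \(sign_algo_id=(\d+)\) signature")
DUMP = re.compile(r"^\s*\[[0-9A-Fa-f]{4}\]\s+((?:[0-9A-Fa-f]{2}\s+){16})")

# First three entries are the ones quoted in the post (quote markers removed);
# the last entry is constructed to show that unrelated lines are skipped.
SAMPLE_LOG = """\
[2023/02/07 23:21:58.677059,  0] ../../libcli/smb/smb2_signing.c:722(smb2_signing_check_pdu)
  Bad SMB2 (sign_algo_id=1) signature for message
[2023/02/07 23:21:58.677184,  0] ../../lib/util/util.c:571(dump_data)
  [0000] B9 83 A8 8D A6 D4 8D A3   6A 8E 51 28 C0 91 20 9D   ........ j.Q(.. .
[2023/02/07 23:21:58.677264,  0] ../../lib/util/util.c:571(dump_data)
  [0000] 4E DF F2 77 95 E4 BE B8   59 AB 44 91 A4 82 0B 2B   N..w.... Y.D....+
[2023/02/07 23:21:59.000000,  3] ../../constructed/example.c:1(constructed_entry)
  unrelated message
"""

def bad_signature_events(text):
    """Return one dict per bad-signature entry with its two 16-byte dumps."""
    events, pending, func, when = [], None, None, None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            when, func = head.groups()
            if func != "dump_data":
                pending = None  # any other entry ends the run of dumps
            continue
        sig, dump = BAD_SIG.search(line), DUMP.match(line)
        if func == "smb2_signing_check_pdu" and sig:
            algo = int(sig.group(1))
            pending = {"time": when, "algo_id": algo,
                       "algo": SIGN_ALGOS.get(algo, "unknown"), "dumps": []}
            events.append(pending)
        elif func == "dump_data" and dump and pending and len(pending["dumps"]) < 2:
            pending["dumps"].append(bytes.fromhex(dump.group(1)))
    return events

def per_minute(events):
    """Count events per (minute, algorithm) to spot bursts in a busy log."""
    return Counter((e["time"][:16], e["algo"]) for e in events)

if __name__ == "__main__":
    for ev in bad_signature_events(SAMPLE_LOG):
        print(ev["time"], ev["algo"], [d.hex() for d in ev["dumps"]])
```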


