[Samba] Bad SMB2 (sign_algo_id=1) signature for message
Jones Syue 薛懷宗
jonessyue at qnap.com
Mon Apr 1 10:56:08 UTC 2024
> I can't say for sure but I *think* each time the client is windows server 2012.
Looks good :) If run this script[1] to test multiple dialects, found only
SMB3_00 and SMB3_02 has this "(sign_algo_id=1)", and per doc[2] it could
be happend with ws2012 and ws2012r2.
Perhaps some kind of services, like antivirus scan LAN, or printer access,
access attempts to samba server via guest or anonymous account trigger this
log, not quite sure just a preliminary guess :)
Is 'Event Viewer' of windows server 2012 could see similar event about
bad/invalid signature too?
[1] Ubuntu 22.04.4, Samba 4.15.13
for max in SMB2_10 SMB3_00 SMB3_02 SMB3_11; \
do \
echo $max; \
smbclient -U 'nobody%nobody' --option='client signing=required' -m${max} -L 127.0.0.1 2>&1 | grep sign_algo_id; \
done;
And the output:
Bad SMB2 (sign_algo_id=0) signature for message
SMB3_00
Bad SMB2 (sign_algo_id=1) signature for message
SMB3_02
Bad SMB2 (sign_algo_id=1) signature for message
SMB3_11
Bad SMB2 (sign_algo_id=2) signature for message
[2] https://learn.microsoft.com/en-us/archive/blogs/josebda/windows-server-2012-r2-which-version-of-the-smb-protocol-smb-1-0-smb-2-0-smb-2-1-smb-3-0-or-smb-3-02-are-you-using
--
Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
More information about the samba
mailing list