[Samba] Bad SMB2 (sign_algo_id=1) signature for message

Michael Tokarev mjt at tls.msk.ru
Mon Apr 1 11:09:41 UTC 2024


01.04.2024 13:56, Jones Syue 薛懷宗:
>> I can't say for sure but I *think* each time the client is windows server 2012.
> 
> Looks good :) If I run this script[1] to test multiple dialects, I find only
> SMB3_00 and SMB3_02 have this "(sign_algo_id=1)", and per doc[2] it could
> happen with ws2012 and ws2012r2.

This *is* 2012 r2.  The protocol version it negotiates is shown by smbstatus
on samba server, it is SMB3_02.  More modern workstations negotiate SMB3_11.

> Perhaps some kind of services, like antivirus scan LAN, or printer access,
> access attempts to samba server via guest or anonymous account trigger this
> log, not quite sure just a preliminary guess :)

There's no antivirus running on these machines.  At least we tried to disable
everything.

The access *is* anonymous, always, this is a read-only anonymous share with
a big application used by multiple users.  It has public=yes, map_to_guest=invalid_user.

I can't say when exactly this error is logged.

> Could 'Event Viewer' on windows server 2012 show a similar event about
> bad/invalid signature too?

Somehow I forgot to look there.  Let's see..

/mjt