[Samba] Bad SMB2 (sign_algo_id=1) signature for message
Denis CARDON
dcardon at tranquil.it
Tue Apr 2 09:53:40 UTC 2024
Hi Michael,
On 01/04/2024 at 13:09, Michael Tokarev via samba wrote:
> 01.04.2024 13:56, Jones Syue 薛懷宗:
>>> I can't say for sure but I *think* each time the client is windows
>>> server 2012.
>>
>> Looks good :) If I run this script[1] to test multiple dialects, I find
>> only SMB3_00 and SMB3_02 have this "(sign_algo_id=1)", and per doc[2] it
>> could happen with ws2012 and ws2012r2.
>
> This *is* 2012 r2. The protocol version it negotiates is shown by
> smbstatus on samba server, it is SMB3_02. More modern workstations
> negotiate SMB3_11.
>
>> Perhaps some kind of services, like antivirus scan LAN, or printer
>> access, access attempts to samba server via guest or anonymous account
>> trigger this log, not quite sure just a preliminary guess :)
>
> There's no antivirus running on these machines. At least we tried to
> disable everything.
>
> The access *is* anonymous, always, this is a read-only anonymous share
> with a big application used by multiple users. It has public=yes,
> map_to_guest=invalid_user.
>
> I can't say when exactly this error is logged.

SMBv2 signing requires having a shared secret, and I guess that
anonymous access doesn't provide that shared secret for signing / encryption.
From [1]: "Guest logons don't support standard security features such as
signing and encryption." on SMB2.

So I guess you should use an account with a password on the client
machine to avoid this message.

Cheers,
Denis

[1] https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default

>
>> Could 'Event Viewer' of windows server 2012 see a similar event about
>> bad/invalid signature too?
>
> Somehow I forgot to look there. Let's see..
>
> /mjt
>