Join XP into s4?
Matthieu Patou
mat+Informatique.Samba at matws.net
Wed Jul 8 06:56:32 GMT 2009
On 07/08/2009 10:05 AM, Andrew Bartlett wrote:
> On Wed, 2009-07-08 at 07:54 +0200, Volker Lendecke wrote:
>> On Wed, Jul 08, 2009 at 08:50:13AM +1000, Andrew Bartlett wrote:
>>> On Tue, 2009-07-07 at 23:02 +0200, Volker Lendecke wrote:
>>>> Hi!
>>>>
>>>> While trying to join an XP workstation into a current Samba4
>>>> DC, I'm getting
>>>>
>>>> NTLM2: created signature over 117 bytes of input:
>>>> BAD SIG NTLM2: wanted signature over 117 bytes of input:
>>>> BAD SIG: got signature over 117 bytes of input:
>>>> NTLMSSP NTLM2 packet check failed due to invalid signature on 117 bytes of input!
>>>>
>>>> on stdout. This is a merged build smbd4, but running all
>>>> services. From looking at the sniff, to me it looks that an
>>>> encrypted LDAP connection is being terminated by the DC.
>>>>
>>>> How do I debug this? Sniffs& any logs certainly available
>>>> on request.
>>> A big assistance would be to try and git bisect to figure out where we
>>> (I, this code is my responsibility) broke it. Matthias first noticed
>>> what I think is the same bug a little while back, but I didn't look into
>>> the problem properly at the time.
I had the same problem two weeks ago, and I changed the default security
level of XP in order to make a workstation join the network (I tried
several times with this workstation). It was very weird to me as a few
day before this problem I connected another workstation without any
problem (and I didn't changed the version of samba between two joins).
>> Do you have a pointer where to start the bisect? A year ago?
>
> I doubt it's that old, but it's possible. I would try with the previous
> alpha (from Feb), surely some of our users would have seen it if we had
> a failure there.
>
> I hope it's much more recent than that. In terms of times that this
> code has changes, it's in the past few days (I made a small change
> there), possibly the time of the Heimdal merge just before the last
> alpha, and the auth merge work I did at SambaXP.
>
> I'm going to start chasing this down from a correctness approach (ie,
> stare at code and try and see what's wrong).
Just for the reminder my wireshark patch is dissecting NTLM 1 & 2
version so it might helps.
Matthieu.
More information about the samba-technical
mailing list