Bad SMB2 signature on Samba 4

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Bad SMB2 signature on Samba 4

Samba - General mailing list
Hi

I'm using Samba 4.6.5 on Debian 8.

Recently, in samba Service appears problems with SMB2 SIGNATURE as the
message below:

root@dc2:/home/suporte# /etc/init.d/samba4 status
samba4.service - LSB: start Samba4 daemons
   Loaded: loaded (/etc/init.d/samba4)
   Active: active (exited) since Seg 2017-07-31 17:14:07 -03; 15h ago
  Process: 443 ExecStart=/etc/init.d/samba4 start (code=exited,
status=0/SUCCESS)

Ago 01 01:30:17 dc2 samba[486]: Exiting pid 486 on SIGTERM
Ago 01 01:30:17 dc2 samba[489]: [2017/08/01 01:30:17.667239,  0]
../source...m)
Ago 01 01:30:17 dc2 samba[489]: Exiting pid 489 on SIGTERM
Ago 01 01:30:17 dc2 samba[492]: [2017/08/01 01:30:17.666852,  0]
../source...m)
Ago 01 01:30:17 dc2 samba[492]: Exiting pid 492 on SIGTERM
Ago 01 01:30:17 dc2 samba[487]: [2017/08/01 01:30:17.667284,  0]
../source...m)
Ago 01 01:30:17 dc2 samba[487]: Exiting pid 487 on SIGTERM
Ago 01 01:30:17 dc2 samba[493]: Exiting pid 493 on SIGTERM
Ago 01 01:30:17 dc2 samba[491]: [2017/08/01 01:30:17.666900,  0]
../source...m)
Ago 01 01:30:17 dc2 samba[491]: Exiting pid 491 on SIGTERM
Hint: Some lines were ellipsized, use -l to show in full.
root@dc2:/home/suporte# tail /var/log/syslog
Aug  1 08:07:50 dc2 smbd[2601]:   [0000] 00 00 00 00 00 00 00 00   00 00 00
00 00 00 00 00   ........ ........
Aug  1 08:07:50 dc2 smbd[2601]: [2017/08/01 08:07:50.220014,  0]
../lib/util/util.c:555(dump_data)
Aug  1 08:07:50 dc2 smbd[2601]:   [0000] 97 0E 60 D4 29 8C C3 39   D1 19 5C
44 2F 11 BC 41   ..`.)..9 ..\D/..A
Aug  1 08:17:01 dc2 CRON[2652]: (root) CMD (   cd / && run-parts --report
/etc/cron.hourly)
Aug  1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604096,  0]
../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
Aug  1 08:43:15 dc2 smbd[2716]:   Bad SMB2 signature for message
Aug  1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604184,  0]
../lib/util/util.c:555(dump_data)
Aug  1 08:43:15 dc2 smbd[2716]:   [0000] 00 00 00 00 00 00 00 00   00 00 00
00 00 00 00 00   ........ ........
Aug  1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604206,  0]
../lib/util/util.c:555(dump_data)
Aug  1 08:43:15 dc2 smbd[2716]:   [0000] C2 06 72 B5 B7 B1 95 04   0E F5 4C
43 B5 18 13 15   ..r..... ..LC....

This way the Windows stations are having problems to authenticate
themselves. The login is taking a long time

Before, my Samba DC was work properly.

Follow my smb.conf file:


# Global parameters
[global]
 workgroup = EMPRESA
 realm = EMPRESA.COM.BR
 netbios name = DC2
 server role = active directory domain controller
 dns forwarder = 192.168.0.88,192.168.0.89
 idmap_ldb:use rfc2307 = yes
 ldap server require strong auth = no
 idmap config EMPRESA : unix_nss_info = yes
 winbind trusted domains only = no
 winbind use default domain = yes
 winbind enum users = yes
 winbind enum groups = yes
 winbind refresh tickets = yes


 template shell = /bin/bash
 template homedir = /home/%U


[netlogon]
 path = /usr/local/samba/var/locks/sysvol/empresa.com.br/scripts
 read only = No

[sysvol]
 path = /usr/local/samba/var/locks/sysvol
 read only = No
 acl_xattr:ignore system acls = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Bad SMB2 signature on Samba 4

Samba - General mailing list
Sorry!

I forgot to ask my question!

Anybody have an idea how solve this problem?


Regards,

Márcio Bacci

2017-08-01 9:16 GMT-03:00 Marcio Demetrio Bacci <[hidden email]>:

> Hi
>
> I'm using Samba 4.6.5 on Debian 8.
>
> Recently, in samba Service appears problems with SMB2 SIGNATURE as the
> message below:
>
> root@dc2:/home/suporte# /etc/init.d/samba4 status
> samba4.service - LSB: start Samba4 daemons
>    Loaded: loaded (/etc/init.d/samba4)
>    Active: active (exited) since Seg 2017-07-31 17:14:07 -03; 15h ago
>   Process: 443 ExecStart=/etc/init.d/samba4 start (code=exited,
> status=0/SUCCESS)
>
> Ago 01 01:30:17 dc2 samba[486]: Exiting pid 486 on SIGTERM
> Ago 01 01:30:17 dc2 samba[489]: [2017/08/01 01:30:17.667239,  0]
> ../source...m)
> Ago 01 01:30:17 dc2 samba[489]: Exiting pid 489 on SIGTERM
> Ago 01 01:30:17 dc2 samba[492]: [2017/08/01 01:30:17.666852,  0]
> ../source...m)
> Ago 01 01:30:17 dc2 samba[492]: Exiting pid 492 on SIGTERM
> Ago 01 01:30:17 dc2 samba[487]: [2017/08/01 01:30:17.667284,  0]
> ../source...m)
> Ago 01 01:30:17 dc2 samba[487]: Exiting pid 487 on SIGTERM
> Ago 01 01:30:17 dc2 samba[493]: Exiting pid 493 on SIGTERM
> Ago 01 01:30:17 dc2 samba[491]: [2017/08/01 01:30:17.666900,  0]
> ../source...m)
> Ago 01 01:30:17 dc2 samba[491]: Exiting pid 491 on SIGTERM
> Hint: Some lines were ellipsized, use -l to show in full.
> root@dc2:/home/suporte# tail /var/log/syslog
> Aug  1 08:07:50 dc2 smbd[2601]:   [0000] 00 00 00 00 00 00 00 00   00 00
> 00 00 00 00 00 00   ........ ........
> Aug  1 08:07:50 dc2 smbd[2601]: [2017/08/01 08:07:50.220014,  0]
> ../lib/util/util.c:555(dump_data)
> Aug  1 08:07:50 dc2 smbd[2601]:   [0000] 97 0E 60 D4 29 8C C3 39   D1 19
> 5C 44 2F 11 BC 41   ..`.)..9 ..\D/..A
> Aug  1 08:17:01 dc2 CRON[2652]: (root) CMD (   cd / && run-parts --report
> /etc/cron.hourly)
> Aug  1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604096,  0]
> ../libcli/smb/smb2_signing.c:171(smb2_signing_check_pdu)
> Aug  1 08:43:15 dc2 smbd[2716]:   Bad SMB2 signature for message
> Aug  1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604184,  0]
> ../lib/util/util.c:555(dump_data)
> Aug  1 08:43:15 dc2 smbd[2716]:   [0000] 00 00 00 00 00 00 00 00   00 00
> 00 00 00 00 00 00   ........ ........
> Aug  1 08:43:15 dc2 smbd[2716]: [2017/08/01 08:43:15.604206,  0]
> ../lib/util/util.c:555(dump_data)
> Aug  1 08:43:15 dc2 smbd[2716]:   [0000] C2 06 72 B5 B7 B1 95 04   0E F5
> 4C 43 B5 18 13 15   ..r..... ..LC....
>
> This way the Windows stations are having problems to authenticate
> themselves. The login is taking a long time
>
> Before, my Samba DC was work properly.
>
> Follow my smb.conf file:
>
>
> # Global parameters
> [global]
>  workgroup = EMPRESA
>  realm = EMPRESA.COM.BR
>  netbios name = DC2
>  server role = active directory domain controller
>  dns forwarder = 192.168.0.88,192.168.0.89
>  idmap_ldb:use rfc2307 = yes
>  ldap server require strong auth = no
>  idmap config EMPRESA : unix_nss_info = yes
>  winbind trusted domains only = no
>  winbind use default domain = yes
>  winbind enum users = yes
>  winbind enum groups = yes
>  winbind refresh tickets = yes
>
>
>  template shell = /bin/bash
>  template homedir = /home/%U
>
>
> [netlogon]
>  path = /usr/local/samba/var/locks/sysvol/empresa.com.br/scripts
>  read only = No
>
> [sysvol]
>  path = /usr/local/samba/var/locks/sysvol
>  read only = No
>  acl_xattr:ignore system acls = yes
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Bad SMB2 signature on Samba 4

Samba - General mailing list
In reply to this post by Samba - General mailing list
On Tue, 1 Aug 2017 09:16:49 -0300
Marcio Demetrio Bacci via samba <[hidden email]> wrote:

> Hi
>
> I'm using Samba 4.6.5 on Debian 8.
>
> Recently, in samba Service appears problems with SMB2 SIGNATURE as the
> message below:
>
> root@dc2:/home/suporte# /etc/init.d/samba4 status
> samba4.service - LSB: start Samba4 daemons
>    Loaded: loaded (/etc/init.d/samba4)
>    Active: active (exited) since Seg 2017-07-31 17:14:07 -03; 15h ago
>   Process: 443 ExecStart=/etc/init.d/samba4 start (code=exited,
> status=0/SUCCESS)

For some reason Samba has shut down.

> Follow my smb.conf file:
>
>
> # Global parameters
> [global]
>  workgroup = EMPRESA
>  realm = EMPRESA.COM.BR
>  netbios name = DC2
>  server role = active directory domain controller
>  dns forwarder = 192.168.0.88,192.168.0.89
>  idmap_ldb:use rfc2307 = yes
>  ldap server require strong auth = no
>  idmap config EMPRESA : unix_nss_info = yes
>  winbind trusted domains only = no
>  winbind use default domain = yes
>  winbind enum users = yes
>  winbind enum groups = yes
>  winbind refresh tickets = yes
>

You should remove the following lines:

idmap config EMPRESA : unix_nss_info = yes
 winbind trusted domains only = no
 winbind use default domain = yes
 winbind enum users = yes
 winbind enum groups = yes
 winbind refresh tickets = yes

They either shouldn't be in a DC smb.conf, don't work on a DC or
shouldn't be used in production.

If removing the lines doesn't fix the problem, have a look in the Samba
logs, if still nothing, raise the Samba log level.

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Bad SMB2 signature on Samba 4

Samba - General mailing list
On Tue, 1 Aug 2017 12:17:04 -0300
Marcio Demetrio Bacci <[hidden email]> wrote:

> However, after that I removed winbind lines of the my smb.conf the
> "getent passwd" command shows only local users. The "getent group"
> command shows only local groups.
>
> Is this a problem?

No, it is a 'good' thing, imagine that you have 100,000 users, you have
the lines in smb.conf and you run 'getent passwd', how long do you
think it will take to display all the users and what will it have
gained you ? What if the user, you need to be sure exists, has the ID
10001, it will have scrolled of the screen and you will probably miss
it. If you run 'getent passwd username' you will get the output for
'username' if it exists, or nothing if it doesn't.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...