Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] [Samba-it] samba 4.x: centos 7: Bad SMB2 signature for message
1,026 views
Skip to first unread message
Dario Lesca
Sep 16, 2015, 5:40:04 PM9/16/15
to
Hi, in a network with a PDC Linux 3.6.x, I have join to domain a
Centos7.1 with samba 4.1.12 (last version from official repository).
All work fine, but after some days the connection to the share folder
not work anymore for the user with Win8 and Win8.1.
Into log I see this messages:
> Sep 16 09:56:14 s-backup smbd[21878]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsBad SMB2 signature for message
> Sep 16 09:56:14 s-backup smbd[21878]: [2015/09/16 09:56:14.379103, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21878]: [0000] 55 FA FB 06 1F F9 B1 C9 27 44 09 C3 16 E1 CF 13 U....... 'D......
> Sep 16 09:56:14 s-backup smbd[21878]: [2015/09/16 09:56:14.379252, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21878]: [0000] DF EA AC A9 66 40 6C 8F 7A A0 D5 D1 45 CA 44 36 ....f@l. z...E.D6
> Sep 16 09:56:14 s-backup smbd[21879]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsBad SMB2 signature for message
> Sep 16 09:56:14 s-backup smbd[21879]: [2015/09/16 09:56:14.468575, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21879]: [0000] 8D 90 BE CD 16 B5 49 85 76 54 67 F3 6B 00 EE 35 ......I. vTg.k..5
> Sep 16 09:56:14 s-backup smbd[21879]: [2015/09/16 09:56:14.468720, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21879]: [0000] 6A 1D 77 98 7F 30 F0 19 25 9A 7E 22 EF 21 7E F4 j.w..0.. %.~".!~.
> Sep 16 09:56:23 s-backup smbd[21880]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsBad SMB2 signature for message
> Sep 16 09:56:23 s-backup smbd[21880]: [2015/09/16 09:56:23.810267, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:23 s-backup smbd[21880]: [0000] 7E 31 21 53 92 62 4F 6D F7 4B 69 DE B8 BB 87 E4 ~1!S.bOm .Ki.....
> Sep 16 09:56:23 s-backup smbd[21880]: [2015/09/16 09:56:23.810399, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:23 s-backup smbd[21880]: [0000] A5 69 24 8B DE 9A 09 6E 5A D2 BE CB E5 F0 DD 48 .i$....n Z......H
> Sep 16 09:56:24 s-backup smbd[21880]: [2015/09/16 09:56:24.439693, 0] ../libcli/smb/smb2_signing.c:170(smb2_signing_check_pdu)
> Sep 16 09:56:24 s-backup smbd[21880]: Bad SMB2 signature for message
> Sep 16 09:56:24 s-backup smbd[21880]: [2015/09/16 09:56:24.439885, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:24 s-backup smbd[21880]: [0000] 4D B5 57 BD B8 A3 1D CF 9C DC EE 21 39 CF FE 2E M.W..... ...!9...
> Sep 16 09:56:24 s-backup smbd[21880]: [2015/09/16 09:56:24.440014, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:24 s-backup smbd[21880]: [0000] 06 51 61 A1 72 99 53 48 FC F9 B4 9F 88 C9 E5 F6 .Qa.r.SH ........
Other PC with Win7 o WinXP work great, only Win8* do not connect.
If I restart samba:
sudo systemctl restart smb nmb winbind
Win8* can connect again but after some day the problem happen again.
I believe it is a problem with SMB2/3 protocol, but I have try change
in various ways the 'server max protocol' options (now is set to SMB3)
without success.
> [root@s-backup ~]# testparm -s --parameter-name 'server max protocol'
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384)
> Processing section "[homes]"
> Processing section "[backup]"
> Processing section "[backup-aruba]"
> Loaded services file OK.
> SMB3
My smb.conf:
> [global]
> workgroup = dominio
> server string = Samba Server Version %v
> log file = /var/log/samba/log.%m
> max log size = 50
> passdb backend = tdbsam:/etc/samba/account.tdb
> security = domain
> realm = s-backup.dominio.it
> idmap config * : range = 1000000-9999999
> idmap config * : backend = rid
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> domain master = no
> local master = no
> store dos attributes = Yes
> wins server = 192.168.50.1
> load printers = no
> cups options = raw
> printcap name = /dev/null
> printing = bsd
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> [backup]
> comment = Cartella con Backup
> path = /backup2t/rsnapshot
> writable = no
> public = yes
> force user = root
> force group = root
> valid users = @DOMINIO\grpbackup
Someone have some suggest to permanently solve this problem?
Many Thanks for attention.
--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Centos7.1 with samba 4.1.12 (last version from official repository).
All work fine, but after some days the connection to the share folder
not work anymore for the user with Win8 and Win8.1.
Into log I see this messages:
> Sep 16 09:56:14 s-backup smbd[21878]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsBad SMB2 signature for message
> Sep 16 09:56:14 s-backup smbd[21878]: [2015/09/16 09:56:14.379103, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21878]: [0000] 55 FA FB 06 1F F9 B1 C9 27 44 09 C3 16 E1 CF 13 U....... 'D......
> Sep 16 09:56:14 s-backup smbd[21878]: [2015/09/16 09:56:14.379252, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21878]: [0000] DF EA AC A9 66 40 6C 8F 7A A0 D5 D1 45 CA 44 36 ....f@l. z...E.D6
> Sep 16 09:56:14 s-backup smbd[21879]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsBad SMB2 signature for message
> Sep 16 09:56:14 s-backup smbd[21879]: [2015/09/16 09:56:14.468575, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21879]: [0000] 8D 90 BE CD 16 B5 49 85 76 54 67 F3 6B 00 EE 35 ......I. vTg.k..5
> Sep 16 09:56:14 s-backup smbd[21879]: [2015/09/16 09:56:14.468720, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:14 s-backup smbd[21879]: [0000] 6A 1D 77 98 7F 30 F0 19 25 9A 7E 22 EF 21 7E F4 j.w..0.. %.~".!~.
> Sep 16 09:56:23 s-backup smbd[21880]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsBad SMB2 signature for message
> Sep 16 09:56:23 s-backup smbd[21880]: [2015/09/16 09:56:23.810267, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:23 s-backup smbd[21880]: [0000] 7E 31 21 53 92 62 4F 6D F7 4B 69 DE B8 BB 87 E4 ~1!S.bOm .Ki.....
> Sep 16 09:56:23 s-backup smbd[21880]: [2015/09/16 09:56:23.810399, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:23 s-backup smbd[21880]: [0000] A5 69 24 8B DE 9A 09 6E 5A D2 BE CB E5 F0 DD 48 .i$....n Z......H
> Sep 16 09:56:24 s-backup smbd[21880]: [2015/09/16 09:56:24.439693, 0] ../libcli/smb/smb2_signing.c:170(smb2_signing_check_pdu)
> Sep 16 09:56:24 s-backup smbd[21880]: Bad SMB2 signature for message
> Sep 16 09:56:24 s-backup smbd[21880]: [2015/09/16 09:56:24.439885, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:24 s-backup smbd[21880]: [0000] 4D B5 57 BD B8 A3 1D CF 9C DC EE 21 39 CF FE 2E M.W..... ...!9...
> Sep 16 09:56:24 s-backup smbd[21880]: [2015/09/16 09:56:24.440014, 0] ../lib/util/util.c:556(dump_data)
> Sep 16 09:56:24 s-backup smbd[21880]: [0000] 06 51 61 A1 72 99 53 48 FC F9 B4 9F 88 C9 E5 F6 .Qa.r.SH ........
Other PC with Win7 o WinXP work great, only Win8* do not connect.
If I restart samba:
sudo systemctl restart smb nmb winbind
Win8* can connect again but after some day the problem happen again.
I believe it is a problem with SMB2/3 protocol, but I have try change
in various ways the 'server max protocol' options (now is set to SMB3)
without success.
> [root@s-backup ~]# testparm -s --parameter-name 'server max protocol'
> Load smb config files from /etc/samba/smb.conf
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
> (16384)
> Processing section "[homes]"
> Processing section "[backup]"
> Processing section "[backup-aruba]"
> Loaded services file OK.
> SMB3
My smb.conf:
> [global]
> workgroup = dominio
> server string = Samba Server Version %v
> log file = /var/log/samba/log.%m
> max log size = 50
> passdb backend = tdbsam:/etc/samba/account.tdb
> security = domain
> realm = s-backup.dominio.it
> idmap config * : range = 1000000-9999999
> idmap config * : backend = rid
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> domain master = no
> local master = no
> store dos attributes = Yes
> wins server = 192.168.50.1
> load printers = no
> cups options = raw
> printcap name = /dev/null
> printing = bsd
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> [backup]
> comment = Cartella con Backup
> path = /backup2t/rsnapshot
> writable = no
> public = yes
> force user = root
> force group = root
> valid users = @DOMINIO\grpbackup
Someone have some suggest to permanently solve this problem?
Many Thanks for attention.
--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Dario Lesca
Sep 19, 2015, 5:40:04 PM9/19/15
to
Il giorno mer, 16/09/2015 alle 23.02 +0200, Dario Lesca ha scritto:
> ...
> ...
Someone have some suggest for me?
I must provide more info?
Exposure of my problem is unclear ?
Many thanks
> ...
Someone have some suggest for me?
I must provide more info?
Exposure of my problem is unclear ?
Many thanks
Jones Syue
Sep 20, 2015, 9:40:03 PM9/20/15
to
Hello Dario,
Hmm perhaps also try 'server signing = mandatory',
thank you.
--
Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
Hmm perhaps also try 'server signing = mandatory',
thank you.
--
Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
Jones Syue
Sep 20, 2015, 10:00:02 PM9/20/15
to
Hello Dario,
Could you try to add 'server signing = auto' under [global],
and then restart samba,
hope this helps.
smb.conf would look like:
[global]
server signing = auto
... ...
--
Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
Could you try to add 'server signing = auto' under [global],
and then restart samba,
hope this helps.
smb.conf would look like:
[global]
server signing = auto
... ...
--
Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.
Dario Lesca
Sep 21, 2015, 6:20:03 AM9/21/15
to
Il giorno lun, 21/09/2015 alle 09.34 +0800, Jones Syue ha scritto:
> Hello Dario,
>
> Hmm perhaps also try 'server signing = mandatory',
>
> thank you.
Thanks Jones.
> Hello Dario,
>
> Hmm perhaps also try 'server signing = mandatory',
>
> thank you.
Now I have set 'server signing = auto'
server signing = auto
; server signing = mandatory
and now all work fine.
Now wait, if in a few days will no longer work, I will try 'mandatory'
and let you know
Many thanks.
--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)
Dario Lesca
Sep 25, 2015, 5:50:04 AM9/25/15
to
Il giorno lun, 21/09/2015 alle 12.16 +0200, Dario Lesca ha scritto:
> Now I have set 'server signing = auto'
>
> server signing = auto
> ; server signing = mandatory
>
> and now all work fine.
>
> Now wait, if in a few days will no longer work, I will try
> 'mandatory' and let you know
Yesterday, after some day the problem It reappeared
> Now I have set 'server signing = auto'
>
> server signing = auto
> ; server signing = mandatory
>
> and now all work fine.
>
> Now wait, if in a few days will no longer work, I will try
> 'mandatory' and let you know
Now I try "server signing = mandatory", wait some day and let you know.
Dario Lesca
Oct 22, 2015, 5:10:03 AM10/22/15
to
Il giorno ven, 25/09/2015 alle 11.39 +0200, Dario Lesca ha scritto:
> Yesterday, after some day the problem It reappeared
>
> Now I try "server signing = mandatory", wait some day and let you
> know.
The problem still alive.
> Yesterday, after some day the problem It reappeared
>
> Now I try "server signing = mandatory", wait some day and let you
> know.
Today Win8* cannot access to server, into log I see this message:
> Oct 22 09:27:11 s-backup smbd[32645]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionssmb_signing_good: BAD SIG: seq 2
> Oct 22 09:27:11 s-backup smbd[32645]: [2015/10/22 09:27:11.575613, 0] ../source3/smbd/process.c:505(receive_smb_talloc)
> Oct 22 09:27:11 s-backup smbd[32645]: receive_smb: SMB Signature verification failed on incoming packet!
seem a winbind problem, if I restart it, all work fine
Someone have some other suggest?
This is my smb.conf:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[backup]"
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = STUDIO
realm = s-backup.studio.it
server string = Samba Server Version %v
security = DOMAIN
passdb backend = tdbsam:/etc/samba/account.tdb
log file = /var/log/samba/log.%m
max log size = 50
server signing = required
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
printcap name = /dev/null
local master = No
domain master = No
wins server = 192.168.50.1
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config * : range = 1000000-9999999
idmap config * : backend = rid
printing = bsd
idmap config * : backend = rid
cups options = raw
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
store dos attributes = Yes
[homes]
comment = Home Directories
read only = No
comment = Home Directories
browseable = No
[backup]
comment = Cartella con Backup
path = /backup2t/rsnapshot
force user = root
force group = root
guest ok = Yes
force group = root
Many thanks
L.P.H. van Belle
Oct 22, 2015, 5:30:04 AM10/22/15
to
Try again and add :
winbind refresh tickets = yes
winbind offline logon = yes
if that does not work, i really suggest you upgrade to samba 4.2+
or set the pc's to use a "lower" SMB prototol.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Dario Lesca
> Verzonden: donderdag 22 oktober 2015 11:03
> Aan: sa...@lists.samba.org
> Onderwerp: Re: [Samba] [Samba-it] samba 4.x: centos 7: Bad SMB2 signature
> for message
>
winbind refresh tickets = yes
winbind offline logon = yes
if that does not work, i really suggest you upgrade to samba 4.2+
or set the pc's to use a "lower" SMB prototol.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Dario Lesca
> Verzonden: donderdag 22 oktober 2015 11:03
> Aan: sa...@lists.samba.org
> Onderwerp: Re: [Samba] [Samba-it] samba 4.x: centos 7: Bad SMB2 signature
> for message
>
Rowland Penny
Oct 22, 2015, 5:30:04 AM10/22/15
to
idmap config * : range = 1000000-9999999
idmap config * : backend = rid
I would have expected to see something like this:
idmap config * : range = 2000-9999
idmap config * : backend = tdb
idmap config STUDIO : range = 1000000-9999999
idmap config STUDIO : backend = rid
Rowland
Rowland Penny
Oct 22, 2015, 5:50:06 AM10/22/15
to
I totally agree that he should be making plans to upgrade to AD though,
microsoft could turn off support for NT4 at any time, and very probably
will.
Rowland
L.P.H. van Belle
Oct 22, 2015, 6:00:04 AM10/22/15
to
No didnt mis that.
When i see :
Then Im thinking this is a samba 3.6x connected to an AD,
but i can be wrong but NT4 does not use realm.
;-)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Rowland Penny
> Verzonden: donderdag 22 oktober 2015 11:42
When i see :
Then Im thinking this is a samba 3.6x connected to an AD,
but i can be wrong but NT4 does not use realm.
;-)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-...@lists.samba.org] Namens Rowland Penny
> Verzonden: donderdag 22 oktober 2015 11:42
Rowland Penny
Oct 22, 2015, 6:20:05 AM10/22/15
to
spexsavers is an optician and this is one of their advertising jingos)
In defence, the OPs original post started with:
Hi, in a network with a PDC Linux 3.6.x, I have join to domain a
Centos7.1 with samba 4.1.12 (last version from official repository).
Dario Lesca
Oct 22, 2015, 6:40:03 AM10/22/15
to
Il giorno gio, 22/10/2015 alle 10.21 +0100, Rowland Penny ha scritto:
> Hi, the one thing I would change is these two lines:
>
> idmap config * : range = 1000000-9999999
> idmap config * : backend = rid
>
> You seem to be ignoring your users :-)
>
> I would have expected to see something like this:
>
> idmap config * : range = 2000-9999
> idmap config * : backend = tdb
> idmap config STUDIO : range = 1000000-9999999
> idmap config STUDIO : backend = rid
>
> Rowland
Ok, this is a error.
> Hi, the one thing I would change is these two lines:
>
> idmap config * : range = 1000000-9999999
> idmap config * : backend = rid
>
> You seem to be ignoring your users :-)
>
> I would have expected to see something like this:
>
> idmap config * : range = 2000-9999
> idmap config * : backend = tdb
> idmap config STUDIO : range = 1000000-9999999
> idmap config STUDIO : backend = rid
>
> Rowland
Now I have set smb.conf like your suggest and restart.
I 'll see if from some days the block for Win8 users happens again
Thanks
--
Dario Lesca
(inviato dal mio Linux Fedora 22 con Gnome 3.16)
Dario Lesca
Oct 22, 2015, 6:50:02 AM10/22/15
to
Il giorno gio, 22/10/2015 alle 11.16 +0100, Rowland Penny ha scritto:
> Hi, in a network with a PDC Linux 3.6.x, I have join to domain a
> Centos7.1 with samba 4.1.12 (last version from official repository).
>
> So, I think the OP needs to clarify the situation.
Yes, my PDC is a samba 3.6.x.
> Hi, in a network with a PDC Linux 3.6.x, I have join to domain a
> Centos7.1 with samba 4.1.12 (last version from official repository).
>
> So, I think the OP needs to clarify the situation.
And Yes, the "realm" directive is wrong.
Now I have remove it, add your suggest about "idmap config *" and
restart smb, nmb and winbind.
I 'll see if from some days the block for Win8 users happens again
Thanks
0 new messages