Bug 12303 - ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[xxx]
ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[xxx]
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services
4.4.5
x64 Linux
: P5 major
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-09-30 12:39 UTC by acrow
Modified: 2016-10-13 08:59 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description acrow 2016-09-30 12:39:04 UTC
Hi,

I'm running Sernet Samba 4.4.5 in a CTDB clustered fileserver setup, NT style domain. At random dates (it's usually noticed in the morning as users log in), users can suddenly not connect to network shares.

Attempting to make an authenticated connection to the fileservers (either via CTDB IP or direct) using "smbclient -L" or "smbclient //server/share" also fails with NT_STATUS_INVALID_PARAMETER. smbclient -L strangely works fine as guest.

Domain Controllers are all Centos 6 with either Sernet Samba 3.6.22 or 3.6.25.

Logs on the file servers show many instances of these lines:

/var/log/samba/172.17.44.83:  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[foo] domain=[DOM] workstation=[DK-L]
/var/log/samba/172.17.44.83:[2016/09/29 09:54:35.158127,  1] ../auth/ntlmssp/ntlmssp_server.c:950(ntlmssp_server_postauth)
/var/log/samba/172.17.44.83:  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[foo] domain=[DOM] workstation=[DK-L]
/var/log/samba/172.17.51.57:[2016/09/19 10:38:27.684713,  1] ../auth/ntlmssp/ntlmssp_server.c:948(ntlmssp_server_postauth)
/var/log/samba/172.17.51.57:  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[DK-E$] domain=[DOM] workstation=[DK-E]
/var/log/samba/172.17.51.57:[2016/09/19 10:38:27.754462,  1] ../auth/ntlmssp/ntlmssp_server.c:948(ntlmssp_server_postauth)
/var/log/samba/172.17.51.57:  ntlmssp_server_postauth: invalid NTLMSSP_MIC for user=[DK-E$] domain=[DOM] workstation=[DK-E]

I don't believe this to be CTDB related as another Samba user has reported this in a non-CTDB setup. He also runs 4.4.x file servers with 3.6.x DCs.