Bug 1788 - winbind "signing_good: BAD SIG"
winbind "signing_good: BAD SIG"
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: winbind
3.0.7
All Linux
: P3 normal
: none
Assigned To: Guenther Deschner
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-17 07:29 UTC by Stephan Lauffer
Modified: 2005-08-24 10:19 UTC (History)
0 users

See Also:


Attachments
successfully share mount (137.85 KB, text/plain)
2004-10-05 05:02 UTC, Stephan Lauffer
no flags Details
successfully share mount (322.78 KB, text/plain)
2004-10-05 05:03 UTC, Stephan Lauffer
no flags Details
failed share mount (56.46 KB, text/plain)
2004-10-05 05:03 UTC, Stephan Lauffer
no flags Details
failed share mount (43.20 KB, text/plain)
2004-10-05 05:04 UTC, Stephan Lauffer
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Lauffer 2004-09-17 07:29:01 UTC
After updating vom 3.0.4 to 3.0.7 (using sernets rpms on sles8) i got:

[2004/09/17 14:29:14, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
  got principal=frmpdc01$@FR.PH-BW.NET
[2004/09/17 14:29:14, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538)
  Doing kerberos session setup
[2004/09/17 14:29:14, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(252)
  Ticket in ccache[MEMORY:cliconnect] expiration Sam, 18 Sep 2004 00:24:11 GMT
[2004/09/17 14:29:14, 0] libsmb/smb_signing.c:signing_good(240)
  signing_good: BAD SIG: seq 1
[2004/09/17 14:29:14, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!

Some notice to sernets rpm: they use not a static linked heimdal >0.6 even their
srm comes with heimdal-0.6.2.tar.bz2. Maybe there's just a "bug" in the rpm!?

thx!
Comment 1 Sergey Datsenko 2004-10-04 14:36:36 UTC
(In reply to comment #0)
> After updating vom 3.0.4 to 3.0.7 (using sernets rpms on sles8) i got:
> 
> [2004/09/17 14:29:14, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740)
>   got principal=frmpdc01$@FR.PH-BW.NET
> [2004/09/17 14:29:14, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(538)
>   Doing kerberos session setup
> [2004/09/17 14:29:14, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(252)
>   Ticket in ccache[MEMORY:cliconnect] expiration Sam, 18 Sep 2004 00:24:11 GMT
> [2004/09/17 14:29:14, 0] libsmb/smb_signing.c:signing_good(240)
>   signing_good: BAD SIG: seq 1
> [2004/09/17 14:29:14, 0] libsmb/clientgen.c:cli_receive_smb(121)
>   SMB Signature verification failed on incoming packet!
> 
> Some notice to sernets rpm: they use not a static linked heimdal >0.6 even 
their
> srm comes with heimdal-0.6.2.tar.bz2. Maybe there's just a "bug" in the rpm!?
> 
> thx!

After upgrage from 3.0.5 to 3.0.7 i've got
$ smbclient //_video/ebooks
Password:
signing_good: BAD SIG: seq 1
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows Server 2003 3790 Service Pack 1, v.1039] 
Server=[Windows Server 2003 5.2]
tree connect failed: NT_STATUS_ACCESS_DENIED

I've managed to avoid this by forced username "guest"
i.e.
$ smbclient //_video/ebooks -U=guest
Password:
Domain=[_VIDEO] OS=[Windows Server 2003 3790 Service Pack 1, v.1039] 
Server=[Windows Server 2003 5.2]
smb: \>

Maybe it would help...
Comment 2 Guenther Deschner 2004-10-04 15:41:27 UTC
Stephan: Could you please verify that your clock is correctly synched to the ads
dc? (e.g. via "net time set -S YOURDC"). Your log indicates that you're
obtaining a ticket pretty close to the default clock skew of 5 min. 

Thanks
Comment 3 Stephan Lauffer 2004-10-05 02:42:13 UTC
this is really interesting: the clocks are "in sync".

frlpww01:~ # date
Die Okt  5 11:34:47 CEST 2004

frlpww01:~ # net time set -S my.dc
Die Okt  5 11:34:51 CEST 2004

I still get:
[2004/10/05 11:37:37, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(252)
  Ticket in ccache[MEMORY:cliconnect] expiration Die, 05 Okt 2004 21:18:26 GMT

would it help, if I'll send the whole level 3 log from winbind starting from the
point where i try to "mount" the share?

thanks for your reply Guenther!


(In reply to comment #2)
> Stephan: Could you please verify that your clock is correctly synched to the ads
> dc? (e.g. via "net time set -S YOURDC"). Your log indicates that you're
> obtaining a ticket pretty close to the default clock skew of 5 min. 
> 
> Thanks

Comment 4 Guenther Deschner 2004-10-05 03:06:35 UTC
A log level 10 of log.smbd and log.winbindd would be the best.
Comment 5 Stephan Lauffer 2004-10-05 05:02:55 UTC
Created attachment 695 [details]
successfully share mount
Comment 6 Stephan Lauffer 2004-10-05 05:03:16 UTC
Created attachment 696 [details]
successfully share mount
Comment 7 Stephan Lauffer 2004-10-05 05:03:33 UTC
Created attachment 697 [details]
failed share mount
Comment 8 Stephan Lauffer 2004-10-05 05:04:14 UTC
Created attachment 698 [details]
failed share mount
Comment 9 Stephan Lauffer 2004-10-05 05:06:17 UTC
attached two different tests:
the first test shows us a successfully share mount (new for me, but it works
shortly after starting samba). the logfiles are called level_10_log_0.smbd and
level_10_log_0.winbindd.
the next test then failed. I was wainting some minute befor doing this 2nd test.
This test is logged in level_10_log_4.smbd and level_10_log_4.winbindd.(In reply
to comment #4)
> A log level 10 of log.smbd and log.winbindd would be the best.

Comment 10 Guenther Deschner 2004-11-19 16:34:07 UTC
Stephan, is this is still an issue for you with Samba 3.0.9 ?
Comment 11 Gerald (Jerry) Carter 2005-02-12 07:42:17 UTC
no reply in a couple of months.  Closing.
Comment 12 Gerald (Jerry) Carter 2005-08-24 10:19:57 UTC
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.