while joined to a 2000 AD domain: ======================= get_sequence_for_reply: found seq = 1 mid = 2 simple_packet_signature: sequence number 1 client_check_incoming_message: BAD SIG: wanted SMB signature of [000] 5F 98 69 62 2D 7D DD 91 _.ib-}.. client_check_incoming_message: BAD SIG: got SMB signature of [000] 0D 58 5E 2E 4A D3 CB E2 .X^.J... simple_packet_signature: sequence number 4294967292 simple_packet_signature: sequence number 4294967293 simple_packet_signature: sequence number 4294967294 simple_packet_signature: sequence number 4294967295 simple_packet_signature: sequence number 0 simple_packet_signature: sequence number 1 simple_packet_signature: sequence number 2 simple_packet_signature: sequence number 3 simple_packet_signature: sequence number 4 simple_packet_signature: sequence number 5 signing_good: BAD SIG: seq 1 SMB Signature verification failed on incoming packet! failed kerberos session setup with Undetermined error anonymous connection attempt to BLUE from RHEL3-WS failed anonymous session setup with NT_STATUS_OK secrets_named_mutex: released mutex for BLUE add_failed_connection_entry: domain AQUA (BLUE) already tried and failed Could not open a connection to AQUA for \PIPE\lsarpc (NT_STATUS_UNSUCCESSFUL) ======================= works fine on RH9 + krb1.3.1
I'm not on the samba team, but I have seen this. Can you do a kinit from the krb1.2.7 system and get a ticket? I have never been able to get at ticket from a windows AD controller with 1.2.7. I had to update to 1.3.1 in order to get a ticket. 1.2.7 did not support the type of encryption our AD controller was using. I have had no problems after upgrading to 1.3.1. Duane Rezac
Isn't this the issue with key padding (pad from 8 to 16 bytes with zeros) that RH reported and jra patched?
i dunno. Haven't looked into it. I filed the bug so I wouldn't forget about it.
no one else has confirmed it so closing.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.