In source4/torture/smb2/compound.cc, test_compound_invalid1(...) it says
/* TODO: check why this fails with --signing=required */
Because the first message in the chain is marked as related, the SessionID in the message is ignored but there is no way to infer it. With signing=enabled, there is no way to verify the signature because there is no SessionID. Since signature verification happens before other kinds of validation, the server responds with status=NT_STATUS_ACCESS_DENIED instead of the expected NT_STATUS_INVALID_PARAMETER.
Therefore, SMB2-COMPOUND-INVALID1 should either be skipped when signing=enabled or should expect status=NT_STATUS_ACCESS_DENIED.
Steve, another SMB2 torture bug for you.
I think we need to try to support related session_id inheritance also on the client side.
Metze, is there some update in this case?
I think it's fixed now, after the rewrite to use the new smbXcli_* code.