to reproduce: simply run RPC-BIND smbtorture test against a 3.5.4 member server in w2k8r2 domain with winbindd.
Arg. In the middle of moving all my VM's to VirtualBox means I don't have an active W2K8R2 DC at work at the moment. Is this repeatable on a W2K8 (not R2) DC ? Can you post logs from client and server side ? Jeremy.
fails with a w2k3 sp3 DC as well. Note that once you kill winbind, and let smbd do the samlogon on its own, it works.
Created attachment 5891 [details] patch for master This patch fixed it (and was pushed to master)
Created attachment 5893 [details] patch for 3.5
Created attachment 5894 [details] patch for 3.4
Created attachment 5895 [details] patch for 3.3
Comment on attachment 5893 [details] patch for 3.5 Looks good
Comment on attachment 5894 [details] patch for 3.4 Looks good
Comment on attachment 5895 [details] patch for 3.3 Looks good, but 3.3 is in security release only mode...
Karolin, please pick for the next releases
Pushed to v3-5-test and v3-4-test. Will be included in the next 3.5 and 3.4 maintenance releases. Closing out bug report. Thanks!
Created attachment 6133 [details] the log files, network traces hi samba, we have re-tested the NTLM signing patch recently, it seems that the bug is not fully fixed. the repro steps are as follows: 1) net ads join 2) from a unix workstation run smbclient and logon as an AD user xyz 3) From a Windows XP run smbclient and logon as the same user * it has to be an NTLM authentication, so we use the IP address instead of the server name In the log we see the following message: [2010/11/09 10:06:17.748568, 5] libsmb/smb_signing.c:90(smb_signing_good) smb_signing_good: signing negotiated but not required and peer isn't sending correct signatures. Turning off. Windows XP does not like this so it breaks the connection and tries again (several times). Eventually either Samba gets on track or it does not and the XP machine gives up. All.zip includes: log_samba.zip is an example showing the smbclient succeeding and XP failing logfile-windows.zip it the network trace corresponding to this log file. smbserver.zip is another example of a network trace where initially the signing is failing but eventually fixes itself. Thanks, Weikuan Zhou
Created attachment 6134 [details] part1 for logfile-windows The log file-windows are too large for 1M, so I split it into two parts.
Created attachment 6135 [details] part2 for logfile-windows
(In reply to comment #12) > we have re-tested the NTLM signing patch recently, it seems that the bug is not > fully fixed. The problem should be mostly fixed in the latest 3.6, 4.0 and 4.1 releases. While a more advanced fix will be in 4.2.0.