Created attachment 7289 [details]
Tar file containing log files and packet captures
We are using samba 3.6.3. I am trying to access the share with IP address and the request goes over ntlmssp. The log.smbd shows the following error after the after the sessetup_and_x request response.
[2012/02/03 12:42:49.488364, 5] libsmb/smb_signing.c:280(smb_signing_check_pdu)
smb_signing_check_pdu: BAD SIG: wanted SMB signature of
[2012/02/03 12:42:49.488427, 5] ../lib/util/util.c:415(dump_data)
 A3 F2 57 04 29 C4 E0 6F ..W.)..o
[2012/02/03 12:42:49.488499, 5] libsmb/smb_signing.c:283(smb_signing_check_pdu)
smb_signing_check_pdu: BAD SIG: got SMB signature of
[2012/02/03 12:42:49.488561, 5] ../lib/util/util.c:415(dump_data)
 35 29 6B 65 EB 1B 79 DF
After the tree-connect response, the connection is being dropped by WinXP client. The similar behavior is seen with win7 too, trying to access the share with IP address.
Though the requests seems to be working fine with smbclient, there are similar BAD SIG failure logs seen with that too in log.smbd. The difference there is, the connection with smbclient is closed only when there is a explicit "quit" on the session of the command.
I am attaching the tar file containing log.smbd with debug level 10 and packet capture for both WinXP and smbclient accessing the share with IP address using NTLMSSP.
When the share access is done using hostname, the sesssionsetup uses kerberos and the signature verification goes fine and also the connection happens properly.
The share access with IP address works perfectly fine with samba-3.4.3 version.
I compared the code in signing.c between these to samba version and that has changed completely. I noticed one difference (in comparision of packet traces) between 3.4.3 and 3.6.3 connection, the BSRSYPL signature is not being sent sessionsetup response when ntlmssp returns MORE_PROCESSING_REQUIRED. I tried correcting it, but that didn't work for me.
There are two bugs I found in the bug history which were raised with similar observation. They are not wrt to 3.6.3 version and these are not resolved yet.
Can somebody have a look at this ?
This is not occurring anymore. Marking this as invalid.