Bug 8742 - Share access from WinXP/Win7 failing with NTLMSSP with signing errors
Share access from WinXP/Win7 failing with NTLMSSP with signing errors
Product: Samba 3.6
Classification: Unclassified
Component: File services
x86 Linux
: P5 major
: ---
Assigned To: Volker Lendecke
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2012-02-03 10:51 UTC by hargagan
Modified: 2012-07-20 06:25 UTC (History)
1 user (show)

See Also:

Tar file containing log files and packet captures (1.27 MB, application/x-tar)
2012-02-03 10:51 UTC, hargagan
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description hargagan 2012-02-03 10:51:20 UTC
Created attachment 7289 [details]
Tar file containing log files and packet captures

We are using samba 3.6.3. I am trying to access the share with IP address and the request goes over ntlmssp. The log.smbd shows the following error after the after the sessetup_and_x request response. 

[2012/02/03 12:42:49.488364,  5] libsmb/smb_signing.c:280(smb_signing_check_pdu)
  smb_signing_check_pdu: BAD SIG: wanted SMB signature of
[2012/02/03 12:42:49.488427,  5] ../lib/util/util.c:415(dump_data)
  [0000] A3 F2 57 04 29 C4 E0 6F                            ..W.)..o
[2012/02/03 12:42:49.488499,  5] libsmb/smb_signing.c:283(smb_signing_check_pdu)
  smb_signing_check_pdu: BAD SIG: got SMB signature of
[2012/02/03 12:42:49.488561,  5] ../lib/util/util.c:415(dump_data)
  [0000] 35 29 6B 65 EB 1B 79 DF 

After the tree-connect response, the connection is being dropped by WinXP client. The similar behavior is seen with win7 too, trying to access the share with IP address.

Though the requests seems to be working fine with smbclient, there are similar BAD SIG failure logs seen with that too in log.smbd. The difference there is, the connection with smbclient is closed only when there is a explicit "quit" on the session of the command.

I am attaching the tar file containing log.smbd with debug level 10 and packet capture for both WinXP and smbclient accessing the share with IP address using NTLMSSP.

When the share access is done using hostname, the sesssionsetup uses kerberos and the signature verification goes fine and also the connection happens properly.

The share access with IP address works perfectly fine with samba-3.4.3 version.

I compared the code in signing.c between these to samba version and that has changed completely. I noticed one difference (in comparision of packet traces) between 3.4.3 and 3.6.3 connection, the BSRSYPL signature is not being sent sessionsetup response when ntlmssp returns MORE_PROCESSING_REQUIRED. I tried correcting it, but that didn't work for me.

There are two bugs I found in the bug history which were raised with similar observation. They are not wrt to 3.6.3 version and these are not resolved yet. 


Comment 1 hargagan 2012-03-21 10:52:47 UTC
Can somebody have a look at this ?
Comment 2 hargagan 2012-07-20 06:25:41 UTC
This is not occurring anymore. Marking this as invalid.