** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1862858
Title:
CIFS accesses DFS referral with wrong Kerberos ticket
Status in linux package in Ubuntu:
Confirmed
Bug description:
kubuntu 19.10 with kernel 5.3.0-29-generic and64.
This looks like a regression in the kernel CIFS module after the 4.15 & 5.0
kernels.
These earlier kernels follow the DFS referrals without error.
The problem:
- Use mount.cifs with kerberos authentication to mount a samba server hosting
a DFS root.
You will get a KRB ticket for the "dfs_root" machine.
- Attempt to access a host a host via a DFS referral (call this "target_host")
- Access will fail with "Permission Denied".
- Use Wireshark to monitor CIFS and KRB traffic.
- The kernel attempts to authenticate to "target_host" using the KRB ticket
for "dfs_root".
Note:
- A DFS target running Win2008R2 will reply with
STATUS_MORE_PROCESSING_REQUIRED, then the
kernel will get a KRB ticket for "target_host" and use it.
The connection is then successful.
- A DFS target running Samba 4.7.6 will reply with STATUS_LOGON_FAILURE.
The connection fails.
Expected Result:
- Successful connection.
- The kernel should get a KRB ticket for "target_host" and use it.
(This is what kernels 4.15 and 5.0 do [and a Windows client])
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu8.2
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC3: stephen 1839 F.... pulseaudio
/dev/snd/controlC2: stephen 1839 F.... pulseaudio
/dev/snd/controlC0: stephen 1839 F.... pulseaudio
/dev/snd/controlC1: stephen 1839 F.... pulseaudio
CurrentDesktop: KDE
DistroRelease: Ubuntu 19.10
HibernationDevice: RESUME=UUID=4df5ccea-5eb4-45e3-a0b0-7b1311fdaba5
InstallationDate: Installed on 2018-11-09 (459 days ago)
InstallationMedia: Kubuntu 18.10 "Cosmic Cuttlefish" - Release amd64
(20181017.2)
MachineType: Gigabyte Technology Co., Ltd. GA-MA790X-UD4P
NonfreeKernelModules: nvidia_modeset nvidia
Package: linux (not installed)
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-5.3.0-29-generic
root=UUID=f009da0b-176e-49e6-a6a0-bb594e6754a8 ro rootflags=subvol=@
ProcVersionSignature: Ubuntu 5.3.0-29.31-generic 5.3.13
RelatedPackageVersions:
linux-restricted-modules-5.3.0-29-generic N/A
linux-backports-modules-5.3.0-29-generic N/A
linux-firmware 1.183.3
RfKill:
Tags: eoan
Uname: Linux 5.3.0-29-generic x86_64
UpgradeStatus: Upgraded to eoan on 2019-10-20 (114 days ago)
UserGroups: adm bacula cdrom kvm libvirt lpadmin plugdev sambashare sudo
wireshark
_MarkForUpload: True
dmi.bios.date: 09/08/2010
dmi.bios.vendor: Award Software International, Inc.
dmi.bios.version: F10c
dmi.board.name: GA-MA790X-UD4P
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.type: 3
dmi.chassis.vendor: Gigabyte Technology Co., Ltd.
dmi.modalias:
dmi:bvnAwardSoftwareInternational,Inc.:bvrF10c:bd09/08/2010:svnGigabyteTechnologyCo.,Ltd.:pnGA-MA790X-UD4P:pvr:rvnGigabyteTechnologyCo.,Ltd.:rnGA-MA790X-UD4P:rvrx.x:cvnGigabyteTechnologyCo.,Ltd.:ct3:cvr:
dmi.product.name: GA-MA790X-UD4P
dmi.sys.vendor: Gigabyte Technology Co., Ltd.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862858/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
