Kristy,
I put up some ideas and things to think about in-line. I hope it helps
out. Does anyone in the group coding for samba4 have anything to weigh in
as well, esp the smb.conf and documentation issues?
On Fri, 4 Dec 2009, Kristy Kallback-Rose wrote:
Date: Fri, 4 Dec 2009 16:11:55 -0500
From: Kristy Kallback-Rose <[email protected]>
To: [email protected]
Subject: [Samba] smbtorture config issue?
Hello,
I'm trying to run smbtorture against another system. I have installed
version 4.0.0alpha9 locally. The remote system is registered with ADS as:
Any reason you are using samba4 for this testing? Documentation is pretty
scarce.
distinguishedName: CN=bl-uits-cictest,CN=Computers,DC=ads,DC=iu,DC=edu
name: bl-uits-cictest
dNSHostName: bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/BL-UITS-CICTEST
The server itself is cictest.cic.iu.edu, and I can connect to the
remote server with smbclient as such:
smbclient -s /usr/local/samba/etc/smb.conf -n bl-uits-cictest.ads.iu.edu
-Ukallbac //cictest.cic.iu.edu/projects Password:
Domain=[ADS] OS=[Unix] Server=[Samba 3.2.11-ctdb-65]
smb: \> quit
This is using ntlmv2 if you have that directive in your smb.conf and not
kerberos.
client use ntlmv2 = yes
The problem is this:
1) smbtorture complains about the ads security setting:
/usr/local/samba/bin/smbtorture --realm=ads.iu.edu -T samba3 -d 3 -W ADS
--netbiosname=BL-UITS-CICTEST -U cictestuser3 //cictest.cic.iu.edu/projects
RAW-QFSINFO
lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Unknown enumerated value 'ADS' for 'security'
params.c:pm_process() - Failed. Error returned from params.c:parse().
I have tried both ads and ADS, it doesn't seem to like either
I no longer see the directive "security" mentioned in samba4, but I do see
statements similar to "server-role" which may cover for security.
http://wiki.samba.org/index.php/Samba4/HOWTO#Step_4:_Provision_Samba4
Not only is there no directive in the regular man pages (samba 3) for
"server-role", but last I looked there was question as to whether the
traditional smb.conf file would be used when samba4 would be released:
http://lists.samba.org/archive/samba-technical/2005-March/039741.html
2) smbtorture proceeds to complain as such:
Server is not registered with our KDC: Miscellaneous failure (see text):
Server (cifs/[email protected]) unknown
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed to parse:
NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
Server is not registered with our KDC: Miscellaneous failure (see text):
Server (cifs/[email protected]) unknown
SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed to parse:
NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
Password for [ADS\cictestuser3]:
Fwiw, my krb5.conf has a default realm of ADS.IU.EDU as well as a realms
section for ADS.IU.EDU I can provide other information if it would be
helpful.
Does your server have a cifs principal (ie
cifs/[email protected]) for either bl-uits-cictest.ads.iu.edu or
cictest.cic.iu.edu? It seems to be wanting to get the principal for
"cifs/[email protected]".
Can anyone offer some suggestions to troubleshoot this?
Many thanks,
Kristy
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
---Robert Freeman-Day
---------------
I would really like you to be on my side,
but the side you show me isn't what I had in mind.
-Judybats
GPG Public Key:
http:keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
