[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
** Changed in: samba (Ubuntu Groovy) Assignee: Paride Legovini (paride) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
The Groovy Gorilla has reached end of life, so this bug will not be fixed for that release ** Changed in: samba (Ubuntu Groovy) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
** Changed in: samba (Ubuntu Focal) Assignee: (unassigned) => Paride Legovini (paride) ** Changed in: samba (Ubuntu Groovy) Assignee: (unassigned) => Paride Legovini (paride) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
In /etc/krb5.conf.d/freeipa there is
[libdefaults]
spake_preauth_groups = edwards25519
And in /var/lib/sss/pubconf/krb5.include.d there is the following
$ more /var/lib/sss/pubconf/krb5.include.d/*|cat
::
/var/lib/sss/pubconf/krb5.include.d/domain_realm_ghs_nl
::
[domain_realm]
::
/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults
::
[libdefaults]
canonicalize = true
::
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin
::
[plugins]
localauth = {
module =
sssd:/usr/lib/x86_64-linux-gnu/sssd/modules/sssd_krb5_localauth_plugin.so
}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892145
Title:
smbclient cannot connect anonymously in Kerberos context (freeipa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
In /etc/krb5.conf.d/freeipa there is
[libdefaults]
spake_preauth_groups = edwards25519
And in /var/lib/sss/pubconf/krb5.include.d there is the following
$ more /var/lib/sss/pubconf/krb5.include.d/*|cat
::
/var/lib/sss/pubconf/krb5.include.d/domain_realm_ghs_nl
::
[domain_realm]
::
/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults
::
[libdefaults]
canonicalize = true
::
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin
::
[plugins]
localauth = {
module =
sssd:/usr/lib/x86_64-linux-gnu/sssd/modules/sssd_krb5_localauth_plugin.so
}
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892145
Title:
smbclient cannot connect anonymously in Kerberos context (freeipa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
@Kees Baker, thanks for providing your krb5.conf. Would it be possible to also provide the contents of any file under /etc/krb5.conf.d/ and /var/lib/sss/pubconf/krb5.include.d/. I'm wondering if there's anything in those directories that is influencing the bug. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
Like Andreas, I cannot reproduce the coredump either. # smbclient //focal-01.example.com/myshare -k gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in NEG_TOKEN_INIT session setup failed: NT_STATUS_INVALID_PARAMETER Even after using the same options as the ones provided in the krb5.conf from comment #10, the coredump doesn't happen. I wonder if Jesse Michael is able to provide a reproducer for this, because otherwise it will be hard to SRU this without having a reliable test case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
I agree to the analysis. Latest master looks fine thou. Change seems to be in https://git.samba.org/samba.git/?p=samba.git;a=commit;h=34f8ab774d1484b0e60 That is released in 4.13 and thereby fix released in 21.04. SRUs to Focal and Groovy need to be considered. ** Also affects: samba (Ubuntu Groovy) Importance: Undecided Status: New ** Changed in: samba (Ubuntu) Status: Triaged => Fix Released ** Changed in: samba (Ubuntu Groovy) Status: New => Confirmed ** Tags added: server-next -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
This bug is due to a double-free in source3/librpc/crypto/gse.c where
gse_ctx->k5ctx is freed twice if gse_context_init fails and the err_out
path is taken.
The beginning of gse_context_init calls talloc_set_destructor to call
gse_context_destructor:
talloc_set_destructor((TALLOC_CTX *)gse_ctx,
gse_context_destructor);
This gse_context_destructor callback function is triggered by calls to
TALLOC_FREE(gse_ctx) and frees pointers stored in the gse_ctx structure
including gse_ctx->k5ctx:
if (gse_ctx->k5ctx) {
if (gse_ctx->ccache) {
krb5_cc_close(gse_ctx->k5ctx, gse_ctx->ccache);
gse_ctx->ccache = NULL;
}
if (gse_ctx->keytab) {
krb5_kt_close(gse_ctx->k5ctx, gse_ctx->keytab);
gse_ctx->keytab = NULL;
}
krb5_free_context(gse_ctx->k5ctx);
gse_ctx->k5ctx = NULL;
}
However, if gse_context_init fails and takes the err_out path,
gse_ctx->k5ctx is freed without setting that pointer to NULL and then
immediately calls TALLOC_FREE(gse_ctx) which then attempts to free
gse_ctx->k5ctx a second time:
err_out:
if (gse_ctx->k5ctx) {
krb5_free_context(gse_ctx->k5ctx);
}
TALLOC_FREE(gse_ctx);
This results in the following double-free stack trace:
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x77443859 in __GI_abort () at abort.c:79
#2 0x774ae3ee in __libc_message (action=action@entry=do_abort,
fmt=fmt@entry=0x775d8285 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x774b647c in malloc_printerr (str=str@entry=0x775da5d0
"free(): double free detected in tcache 2") at malloc.c:5347
#4 0x774b80ed in _int_free (av=0x77609b80 ,
p=0x555ce2c0, have_lock=0) at malloc.c:4201
#5 0x76cc29f9 in krb5_free_context (context=0x555cdcd0) at
../../source4/heimdal/lib/krb5/context.c:595
#6 0x773e75d1 in gse_context_destructor (ptr=ptr@entry=0x555cdc50)
at ../../source3/librpc/crypto/gse.c:84
#7 0x7776553e in _tc_free_internal (tc=0x555cdbf0,
location=0x773f2480 "../../source3/librpc/crypto/gse.c:241") at
../../talloc.c:1157
#8 0x773e826c in gse_context_init
(mem_ctx=mem_ctx@entry=0x555cdb60, do_sign=,
do_seal=, add_gss_c_flags=,
_gse_ctx=_gse_ctx@entry=0x7fffd500,
ccache_name=) at ../../source3/librpc/crypto/gse.c:241
#9 0x773e8433 in gse_init_client (ccache_name=0x0, realm=, username=, password=, _gse_ctx=, add_gss_c_flags=,
service=0x555ccdf0 "cifs", server=0x555ccfb0 "freenas",
do_seal=, do_sign=, mem_ctx=0x555cdb60) at
../../source3/librpc/crypto/gse.c:268
#10 gensec_gse_client_start (gensec_security=0x555cdb60) at
../../source3/librpc/crypto/gse.c:786
#11 0x77390453 in gensec_start_mech (gensec_security=0x555cdb60) at
../../auth/gensec/gensec_start.c:743
#12 gensec_start_mech (gensec_security=0x555cdb60) at
../../auth/gensec/gensec_start.c:704
#13 0x77387822 in gensec_spnego_client_negTokenInit_step
(gensec_security=0x555c9b70, spnego_state=0x555cc1b0, n=0x555cd4a0,
spnego_in=, last_status=...,
in_mem_ctx=, in_next=0x555cd3f8) at
../../auth/gensec/spnego.c:633
#14 0x77387e02 in gensec_spnego_client_negTokenInit_start
(gensec_security=0x555c9b70, spnego_state=0x555cc1b0, n=0x555cd4a0,
spnego_in=0x555cd368, in_mem_ctx=0x555cd340,
in_next=0x555cd3f8) at ../../auth/gensec/spnego.c:537
#15 0x77388b84 in gensec_spnego_update_pre (req=0x555cd190) at
../../auth/gensec/spnego.c:1943
#16 gensec_spnego_update_send (mem_ctx=, ev=0x555aee90,
gensec_security=, in=...) at ../../auth/gensec/spnego.c:1741
#17 0x7738f3b0 in gensec_update_send (mem_ctx=,
ev=0x555aee90, gensec_security=0x555c9b70, in=...) at
../../auth/gensec/gensec.c:449
#18 0x77f6dba6 in cli_session_setup_gensec_local_next
(req=0x555c9d90) at ../../source3/libsmb/cliconnect.c:997
#19 0x77f6f520 in cli_session_setup_gensec_send
(target_service=0x77fa478e "cifs", target_hostname=0x555ca480
"freenas", creds=0x555adf90, cli=0x555adf90, ev=0x555aee90,
mem_ctx=) at ../../source3/libsmb/cliconnect.c:977
#20 cli_session_setup_spnego_send (creds=0x555adf90, cli=0x555adf90,
ev=0x555aee90, mem_ctx=) at
../../source3/libsmb/cliconnect.c:1346
#21 cli_session_setup_creds_send (mem_ctx=mem_ctx@entry=0x555aee90,
ev=ev@entry=0x555aee90, cli=cli@entry=0x555adf90,
creds=creds@entry=0x555b4380) at ../../source3/libsmb/cliconnect.c:1505
#22 0x77f6fcad in cli_session_setup_creds (cli=0x555adf90,
creds=creds@entry=0x555b4380) at ../../source3/libsmb/cliconnect.c:1843
#23 0x77f8ca57 in do_connect (ctx=ctx@entry=0x555aae90,
server=,
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
The /etc/krb5.conf is installed and configured by FreeIPA. See attached
krb5.conf
Indeed it has
[libdefaults]
default_ccache_name = KEYRING:persistent:%{uid}
** Attachment added: "krb5.conf"
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+attachment/5406950/+files/krb5.conf
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892145
Title:
smbclient cannot connect anonymously in Kerberos context (freeipa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
Interesting, on a machine where I installed smbclient and heimdal- clients, smbclient -L -N does grab the cifs/ kerberos ticket, even though I didn't supply -k: ubuntu@focal-heimdal-client:~$ klist klist: No ticket file: /tmp/krb5cc_1000 ubuntu@focal-heimdal-client:~$ kinit ubu...@example.com's Password: ubuntu@focal-heimdal-client:~$ smbclient -L focal-smbclient-kerberos.lxd -N Sharename Type Comment - --- print$ Disk Printer Drivers storage Disk IPC$IPC IPC Service (focal-smbclient-kerberos server (Samba, Ubuntu)) ubuntu Disk Home directory of ubuntu SMB1 disabled -- no workgroup available ubuntu@focal-heimdal-client:~$ klist Credentials cache: FILE:/tmp/krb5cc_1000 Principal: ubu...@example.com IssuedExpires Principal Aug 31 17:26:04 2020 Sep 1 03:26:04 2020 krbtgt/example@example.com Aug 31 17:26:06 2020 Sep 1 03:26:04 2020 cifs/focal-smbclient-kerberos@example.com That is not the behavior when I'm using kinit from krb5-user (MIT). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
I'm failing to understand upstream's release process. The commit that added keyring support is from December 24th, 2018. Heimdal 7.7.0 (latest release) was tagged in June 3rd, 2019: commit e1959605bd490e1eb9ea5e2277f4a332208097de (tag: heimdal-7.7.0) Author: Jeffrey Altman Date: Mon Jun 3 23:53:04 2019 -0400 Bump version to 7.7.0 But does not have the keyring commit. Furthermore, the 7.7.0 tag is in the heimdal-7-1 branch, which I assumed was for an old 7.1.x series, but doesn't like it. Bottom line, KEYRING support is not in any release of heimdal yet. The smbclient core dump is something I would like to reproduce, though, but I think I will need your config files for that, as just setting the ccache type to KEYRING is not enough. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
I'm using a focal container for this test, with kdc and samba on localhost, but
using fqdn's for the access.
krb5-kdc 1.17-6ubuntu4
samba 2:4.11.6+dfsg-0ubuntu1.4
With the default ccache_type of FILE in ubuntu/debian:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: ubu...@example.com
...
smbclient //focal-smbclient-kerberos.lxd/storage -k (after kinit)
smbclient -L focal-smbclient-kerberos.lxd -k (after kinit)
smbclient -L focal-smbclient-kerberos.lxd -N (with or without kinit)
work.
The moment I set this in /etc/krb5.conf:
default_ccache_name = KEYRING:persistent:%{uid}
(is that the setting you have?)
Then some things change, but I don't get a core dump.
This works with or without kinit:
smbclient -L focal-smbclient-kerberos -N
These don't work after kinit:
$ smbclient -L focal-smbclient-kerberos -k
gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in
NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER
$ smbclient //focal-smbclient-kerberos.lxd/storage -k
gensec_spnego_client_negTokenInit_step: Could not find a suitable mechtype in
NEG_TOKEN_INIT
session setup failed: NT_STATUS_INVALID_PARAMETER
$ klist
Ticket cache: KEYRING:persistent:1000:1000
Default principal: ubu...@example.com
Valid starting ExpiresService principal
08/31/20 14:49:10 09/01/20 00:49:10 krbtgt/example@example.com
renew until 09/01/20 14:49:09
I did find an upstream heimdal bug about adding support for KEYRING, and it's
closed now with a fix committed:
https://github.com/heimdal/heimdal/issues/166
I will have to investigate further to see how samba was built and
confirm our heimdal libraries in ubuntu have this support available. And
if this is the problem we are seeing here.
I'll check your core dump file now.
>From your side, if you switch the ccache type to FILE (or just remove
the KEYRING overriding config), does the core dump go away?
** Bug watch added: github.com/heimdal/heimdal/issues #166
https://github.com/heimdal/heimdal/issues/166
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1892145
Title:
smbclient cannot connect anonymously in Kerberos context (freeipa)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
Can you share your /etc/krb5.conf file? I don't know all the options that the freeipa setup changes there from the defaults. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
** Also affects: samba (Ubuntu Groovy) Importance: Undecided Status: Incomplete ** Also affects: samba (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: samba (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: samba (Ubuntu Bionic) Status: New => Fix Released ** Changed in: samba (Ubuntu Groovy) Status: Incomplete => Triaged ** Changed in: samba (Ubuntu Focal) Status: New => Confirmed ** No longer affects: samba (Ubuntu Groovy) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
Here is the core dump. ** Attachment added: "Core dump" https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+attachment/5404296/+files/core -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
Well, it didn't actually create a core dump. It only said so. I'll see what I can do to actually create the dump. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
Thanks for taking the time to report this issue and try to make Ubuntu better. You mentioned you already have a workaround for your problem, it's a good start. You also mentioned it crashed and you got a core dump, could you please share this core dump with us? I am changing the status to Incomplete, when you provide the core dump please change it back to New and we will revisit this bug. ** Changed in: samba (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
A workaround is to confuse smbclient by setting KRB5CCNAME to an unknown file KRB5CCNAME=FILE:/none-existing-file I just strumbled on a note from Alexander Bokovoy "... and Samba on Debian/Ubuntu is compiled with Heimdal Kerberos ... Heimdal has no support for KEYRING type" -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892145] Re: smbclient cannot connect anonymously in Kerberos context (freeipa)
There is an option -k, to enable Kerberos. But there is no option to disable it. Smbclient decides on its own to use Kerberos, and it crashes (core dumped) while doing so. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892145 Title: smbclient cannot connect anonymously in Kerberos context (freeipa) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1892145/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
