From: Robert Freeman-Day on 7 Dec 2009 14:50

Kristy,

I put up some ideas and things to think about in-line. I hope it helps out. Does anyone in the group coding for samba4 have anything to weigh in as well, esp the smb.conf and documentation issues?

On Fri, 4 Dec 2009, Kristy Kallback-Rose wrote:

> Date: Fri, 4 Dec 2009 16:11:55 -0500
> From: Kristy Kallback-Rose <kallbac(a)indiana.edu>
> To: samba(a)lists.samba.org
> Subject: [Samba] smbtorture config issue?
>
> Hello,
>
> I'm trying to run smbtorture against another system. I have installed
> version 4.0.0alpha9 locally. The remote system is registered with ADS as:

Any reason you are using samba4 for this testing? Documentation is pretty scarce.

>
> distinguishedName: CN=bl-uits-cictest,CN=Computers,DC=ads,DC=iu,DC=edu
> name: bl-uits-cictest
> dNSHostName: bl-uits-cictest.ads.iu.edu
> servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu
> servicePrincipalName: HOST/BL-UITS-CICTEST
>
> The server itself is cictest.cic.iu.edu, and I can connect to the
> remote server with smbclient as such:
> smbclient -s /usr/local/samba/etc/smb.conf -n bl-uits-cictest.ads.iu.edu
> -Ukallbac //cictest.cic.iu.edu/projects
> Password:
> Domain=[ADS] OS=[Unix] Server=[Samba 3.2.11-ctdb-65]
> smb: \> quit

This is using ntlmv2 if you have that directive in your smb.conf and not kerberos.

    client use ntlmv2 = yes

>
>
> The problem is this:
>
> 1) smbtorture complains about the ads security setting:
> /usr/local/samba/bin/smbtorture --realm=ads.iu.edu -T samba3 -d 3 -W ADS
> --netbiosname=BL-UITS-CICTEST -U cictestuser3 //cictest.cic.iu.edu/projects
> RAW-QFSINFO
> lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> params.c:pm_process() - Processing configuration file
> "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> Unknown enumerated value 'ADS' for 'security'
> params.c:pm_process() - Failed. Error returned from params.c:parse().
>
> I have tried both ads and ADS, it doesn't seem to like either

I no longer see the directive "security" mentioned in samba4, but I do see statements similar to "server-role" which may cover for security.

http://wiki.samba.org/index.php/Samba4/HOWTO#Step_4:_Provision_Samba4

Not only is there no directive in the regular man pages (samba 3) for "server-role", but last I looked there was question as to whether the traditional smb.conf file would be used when samba4 would be released:

http://lists.samba.org/archive/samba-technical/2005-March/039741.html

>
> 2) smbtorture proceeds to complain as such:
> Server is not registered with our KDC: Miscellaneous failure (see text):
> Server (cifs/cictest.cic.iu.edu@ADS.IU.EDU) unknown
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed to parse:
> NT_STATUS_INVALID_PARAMETER
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> Server is not registered with our KDC: Miscellaneous failure (see text):
> Server (cifs/cictest.cic.iu.edu@ADS.IU.EDU) unknown
> SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed to parse:
> NT_STATUS_INVALID_PARAMETER
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> Password for [ADS\cictestuser3]:
>
> Fwiw, my krb5.conf has a default realm of ADS.IU.EDU as well as a realms
> section for ADS.IU.EDU I can provide other information if it would be
> helpful.

Does your server have a cifs principal (ie cifs/fqdn.domain.edu@ADS.IU.EDU) for either bl-uits-cictest.ads.iu.edu or cictest.cic.iu.edu? It seems to be wanting to get the principal for "cifs/cictest.cic.iu.edu@ADS.IU.EDU".

>
> Can anyone offer some suggestions to troubleshoot this?
>
> Many thanks,
> Kristy
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

---Robert Freeman-Day
---------------
I would really like you to be on my side, but the side you show me isn't what I had in mind.
-Judybats

GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36
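
The SPN lookup behind the "Server ... unknown" error discussed in this thread, as an added example that is not part of the original messages or of Samba's code. It assumes the KDC is Active Directory with its default sPNMappings, under which a registered HOST/<name> SPN also answers requests for cifs/<name>; the function names are hypothetical.

```python
# Added example: SPN lookup check for the case in this thread (not Samba code).
# Assumption: the KDC is Active Directory with the default sPNMappings, in which
# a registered HOST/<name> SPN also answers requests for cifs/<name>.
HOST_ALIASES = {"host", "cifs"}  # subset of the default HOST alias list

# Attributes of the computer object, copied from the original message.
COMPUTER_OBJECT = """\
dNSHostName: bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/bl-uits-cictest.ads.iu.edu
servicePrincipalName: HOST/BL-UITS-CICTEST
"""

def registered_spns(ldif_text):
    """Return (service, host) pairs, lower-cased, from servicePrincipalName lines."""
    spns = set()
    for line in ldif_text.splitlines():
        attr, _, value = line.partition(":")
        if attr.strip().lower() == "serviceprincipalname" and "/" in value:
            service, host = value.strip().split("/", 1)
            spns.add((service.lower(), host.lower()))
    return spns

def requested_spn(unc_path, realm):
    """SPN an SMB client asks the KDC for: cifs/<host from the UNC path>@REALM."""
    host = unc_path.lstrip("/\\").replace("\\", "/").split("/", 1)[0]
    return f"cifs/{host.lower()}@{realm.upper()}"

def kdc_can_resolve(spn, spns):
    """True if the SPN matches a registered entry directly or via the HOST alias."""
    service, _, rest = spn.partition("/")
    host = rest.split("@", 1)[0].lower()
    service = service.lower()
    if (service, host) in spns:
        return True
    return service in HOST_ALIASES and ("host", host) in spns

if __name__ == "__main__":
    spns = registered_spns(COMPUTER_OBJECT)
    for unc in ("//cictest.cic.iu.edu/projects",
                "//bl-uits-cictest.ads.iu.edu/projects"):
        spn = requested_spn(unc, "ads.iu.edu")
        verdict = "resolvable" if kdc_can_resolve(spn, spns) else "unknown to KDC"
        print(f"{unc}: {spn} -> {verdict}")
```

The check reports the name used in the UNC path, cictest.cic.iu.edu, as having no matching SPN on the computer object, while the registered dNSHostName does match through the HOST alias.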