[Samba] making smbclient work with a DFS setup where mount.cifs does work / disabling krb5 for testing?
Ralph Boehme
slow at samba.org
Thu Jan 13 10:08:30 UTC 2022
Hello,
On 1/13/22 00:24, Dr. Thomas Orgis via samba wrote:
> # smbclient -d 7 -U user at domain.suffix //ad.domain.suffix/daten
> INFO: Current debug levels:
fwiw, to get useful logs use loglevel 10. Anything below is useless for
debugging. Anything above is rarely adding anything important.
> […]
> My question at that point: It very much looks like smbclient is trying
> to get things running using krb5 authentication. I'm pretty sure that
> mount.cifs is not attempting that. Is there some way to make smbclient
> try something else? Or fall back to NTLMSSP? I only found an option to
> explicitly _enforce_ krb5, not disable it.
It depends on the version. Iirc in older versions -k no? In 4.15
--use-kerberos=off
You could also just use the server IP instead of the DNS name, that will
implicitly prevent Kerberos from being used.
> I'd like to debug smbclient not working and any possible path down into
> Kerberos realms separately. I do remember trying krb5 explicitly on a
> system where kinit/klist worked just fine getting a ticket, but I got
> the same „Message stream modified“ error when trying to access DFS
> links. On that system, mount.cifs also doesn't do the trick with DFS.
> There could be all kinds of fun with network limitations for machines
> not in segregated Windows networks, so I am trying to establish a
> baseline here on a system that is just fine with the DFS using
> mount.cifs.
Well, for debugging the DFS issue a network trace and loglevel 10 log
would be helpful and the hopefully someone has some spare time to look
into those logs.
-slow
--
Ralph Boehme, Samba Team https://samba.org/
SerNet Samba Team Lead https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20220113/8608846e/OpenPGP_signature.sig>
More information about the samba
mailing list