[cifs-protocol] RE: [Pfif] Other types of Kerberos messages on SamLogon Generic

Hongwei Sun hongweis at microsoft.com
Tue Sep 9 14:46:48 GMT 2008


 After we set time correctly, we got the following output.   The error doesn't look like related to verify PAC message.   Maybe we didn't go further enough.  Any suggestion?



--- After setting time ----

[root at fed8 source]# bin/smbtorture //VM-W2K8.test.net/public RPC-PAC -UTESTDOM/administrator%P at ssw0rd Using seed 1220921302 Running PAC We still need to perform a DsAddEntry() so that we can create the CN=NTDS Settings container.

Testing ServerReqChallenge

Testing ServerAuthenticate2


TEST verify FAILED! - torture/rpc/remote_pac.c:101: status was NT_STATUS_INVALID_PARAMETER, expected NT_STATUS_OK:

gensec_start_mech_by_sasl_name (client) failed Delete of machine account torturepactest was successful.

Failed to connect to ldap URL 'ldap://VM-W2K8.test.net' - LDAP client internal


Failed to connect to 'ldap://VM-W2K8.test.net'

PAC took 1.59224 secs

-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
Sent: Tuesday, September 09, 2008 1:30 AM
To: Hongwei Sun
Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [Pfif] Other types of Kerberos messages on SamLogon Generic

Hongwei Sun schrieb:

> Andrew,




>   We ran Smbtortue RPC-PAC  testing on windows 2008 DC and got the following output.




> [root at fed8 source]# bin/smbtorture -k yes //VM-W2K8.nick.com/public RPC-PAC Using seed 1220896649 Running PAC Password for [NICKDOM\root]:


> Domain join failed - Connection to SAMR pipe of DC VM-W2K8.nick.com

> failed: Connection to DC VM-W2K8.nick.com failed:

> NT_STATUS_UNSUCCESSFUL Setup failed: torture/rpc/rpc.c:144: Failed to

> join as BDC PAC took 11.264 sec

I assume you're getting a clock skew error.

Make shure the clock is in sync.

We have a hacked patch to handle clock skew error more nicely, but it's not in our upstream code yet...


-------------- next part --------------


More information about the cifs-protocol mailing list