[cifs-protocol] RE: [Pfif] Other types of Kerberos messages on
hongweis at microsoft.com
Tue Sep 9 14:46:48 GMT 2008
After we set time correctly, we got the following output. The error doesn't look like related to verify PAC message. Maybe we didn't go further enough. Any suggestion?
--- After setting time ----
[root at fed8 source]# bin/smbtorture //VM-W2K8.test.net/public RPC-PAC -UTESTDOM/administrator%P at ssw0rd Using seed 1220921302 Running PAC We still need to perform a DsAddEntry() so that we can create the CN=NTDS Settings container.
TEST verify FAILED! - torture/rpc/remote_pac.c:101: status was NT_STATUS_INVALID_PARAMETER, expected NT_STATUS_OK:
gensec_start_mech_by_sasl_name (client) failed Delete of machine account torturepactest was successful.
Failed to connect to ldap URL 'ldap://VM-W2K8.test.net' - LDAP client internal
Failed to connect to 'ldap://VM-W2K8.test.net'
PAC took 1.59224 secs
From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
Sent: Tuesday, September 09, 2008 1:30 AM
To: Hongwei Sun
Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [Pfif] Other types of Kerberos messages on SamLogon Generic
Hongwei Sun schrieb:
> We ran Smbtortue RPC-PAC testing on windows 2008 DC and got the following output.
> [root at fed8 source]# bin/smbtorture -k yes //VM-W2K8.nick.com/public RPC-PAC Using seed 1220896649 Running PAC Password for [NICKDOM\root]:
> Domain join failed - Connection to SAMR pipe of DC VM-W2K8.nick.com
> failed: Connection to DC VM-W2K8.nick.com failed:
> NT_STATUS_UNSUCCESSFUL Setup failed: torture/rpc/rpc.c:144: Failed to
> join as BDC PAC took 11.264 sec
I assume you're getting a clock skew error.
Make shure the clock is in sync.
We have a hacked patch to handle clock skew error more nicely, but it's not in our upstream code yet...
-------------- next part --------------
More information about the cifs-protocol