[cifs-protocol] RE: [Pfif] Other types of Kerberos messages on SamLogon Generic

Hongwei Sun hongweis at microsoft.com
Tue Sep 9 14:46:48 GMT 2008 

Metze,



 After we set time correctly, we got the following output.   The error doesn't look like related to verify PAC message.   Maybe we didn't go further enough.  Any suggestion?



Thanks!



Hongwei



--- After setting time ----

[root at fed8 source]# bin/smbtorture //VM-W2K8.test.net/public RPC-PAC -UTESTDOM/administrator%P at ssw0rd Using seed 1220921302 Running PAC We still need to perform a DsAddEntry() so that we can create the CN=NTDS Settings container.

Testing ServerReqChallenge

Testing ServerAuthenticate2

negotiate_flags=0x600fffff

TEST verify FAILED! - torture/rpc/remote_pac.c:101: status was NT_STATUS_INVALID_PARAMETER, expected NT_STATUS_OK:

gensec_start_mech_by_sasl_name (client) failed Delete of machine account torturepactest was successful.

Failed to connect to ldap URL 'ldap://VM-W2K8.test.net' - LDAP client internal

error: NT_STATUS_NO_MEMORY

Failed to connect to 'ldap://VM-W2K8.test.net'

PAC took 1.59224 secs



-----Original Message-----
From: Stefan (metze) Metzmacher [mailto:metze at samba.org]
Sent: Tuesday, September 09, 2008 1:30 AM
To: Hongwei Sun
Cc: Andrew Bartlett; pfif at tridgell.net; cifs-protocol at samba.org
Subject: Re: [Pfif] Other types of Kerberos messages on SamLogon Generic



Hongwei Sun schrieb:

> Andrew,

>

>

>

>   We ran Smbtortue RPC-PAC  testing on windows 2008 DC and got the following output.

>

>

>

> [root at fed8 source]# bin/smbtorture -k yes //VM-W2K8.nick.com/public RPC-PAC Using seed 1220896649 Running PAC Password for [NICKDOM\root]:

>

> Domain join failed - Connection to SAMR pipe of DC VM-W2K8.nick.com

> failed: Connection to DC VM-W2K8.nick.com failed:

> NT_STATUS_UNSUCCESSFUL Setup failed: torture/rpc/rpc.c:144: Failed to

> join as BDC PAC took 11.264 sec



I assume you're getting a clock skew error.

Make shure the clock is in sync.



We have a hacked patch to handle clock skew error more nicely, but it's not in our upstream code yet...



metze


-------------- next part --------------

3j�Zr���
���y��v�����

More information about the cifs-protocol mailing list