gensec returns the wrong error to kerberos errors like Ticket Expired and clock skew issues
realrichardsharpe at gmail.com
Wed Nov 4 18:00:48 UTC 2015
A capture I have indicates that when a Windows server gets a
KRB5KRB_AP_ERR_TKT_EXPIRED error it returns
STATUS_MORE_PROCESSING_REQUIRED along with an SPNEGO negTokenTarg with
the Kerberos error blob in it.
Samba, and it looks like gensec, folds that down to LOGON_FAILED,
which makes it very hard for admins to figure out what the real error
Is there a bugzilla on this?
If I get a chance I will try to provide a fix.
More information about the samba-technical