gensec returns the wrong error to kerberos errors like Ticket Expired and clock skew issues
Richard Sharpe
realrichardsharpe at gmail.com
Wed Nov 4 18:00:48 UTC 2015
Hi folks,
A capture I have indicates that when a Windows server gets a
KRB5KRB_AP_ERR_TKT_EXPIRED error it returns
STATUS_MORE_PROCESSING_REQUIRED along with an SPNEGO negTokenTarg with
the Kerberos error blob in it.
Samba, and it looks like gensec, folds that down to LOGON_FAILED,
which makes it very hard for admins to figure out what the real error
is.
Is there a bugzilla on this?
If I get a chance I will try to provide a fix.
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list