Client's credentials have been revoked trying to use an account I added during a self test

Richard Sharpe realrichardsharpe at
Wed Jun 29 02:08:08 UTC 2016

Hi folks,

I am trying to add this code to the net ads dns tests:

   # This should be an expect_failure test ...
   testit "Adding an unprivileged user" $VALGRIND $net_tool user add
$failed + 1`
   testit "unprivileged users should not be able to add a DNS entry"
$VALGRIND $net_tool ads dns register funnyname2.$REALM
-U$UNPRIVUSER%$UNPRIVPASS && failed=`expr $failed + 1`

The command to add the user succeeds, but the command to try to add
the dns NAM fails with this error:

samba4.blackbox.net_ads_dns(ad_member:local).unprivileged users should
not be able to add a DNS entry(ad_member:local)
REASON: Exception: Exception: kerberos_kinit_password
unprivuser at SAMBA.EXAMPLE.COM failed: Clients credentials have been

Why does that happen in the self test environment?

Richard Sharpe

More information about the samba-technical mailing list