SPNEGO failure with spnego:simulate_w2k=yes after MIT patches
Stefan Metzmacher
metze at samba.org
Sun Jun 11 21:20:46 UTC 2017
Hi Andrew,
>> What I don't understand is why this passes as part of a full make test,
>> but fails when only running the test on its own.
>>
>> The level 4 logs give this clue:
>>
>> kerberos_get_realm_from_hostname VAMPIRE2000DC: failed Cannot determine
>> realm for host
>> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/VAMPIRE2000DC
>> failed (next[ntlmssp]): NT_STATUS_NO_MEMORY
Given the above message the attached patch may fix it...
metze
-------------- next part --------------
From d15b1f4860fd3d4a0c0641f31507ffe27ad9681c Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Sun, 11 Jun 2017 23:19:01 +0200
Subject: [PATCH] krb5_wrap: handle KRB5_ERR_HOST_REALM_UNKNOWN in
smb_krb5_get_realm_from_hostname()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
lib/krb5_wrap/krb5_samba.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 2e43f79..0c8b402 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -2669,6 +2669,10 @@ char *smb_krb5_get_realm_from_hostname(TALLOC_CTX *mem_ctx,
}
kerr = krb5_get_host_realm(ctx, hostname, &realm_list);
+ if (kerr == KRB5_ERR_HOST_REALM_UNKNOWN) {
+ realm_list = NULL;
+ kerr = 0;
+ }
if (kerr != 0) {
DEBUG(3,("kerberos_get_realm_from_hostname %s: "
"failed %s\n",
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170611/c69f5468/signature.sig>
More information about the samba-technical
mailing list