[Samba] knit and smbclient executed with different users but no error thrown
Paul Simon
paulsimon.c at gmail.com
Fri Apr 1 19:30:04 UTC 2016
Hi,
I am using different users while executing kinit and smbclient as shown
below, but I am not getting any error. How can a initial ticket granted to
one user can be used for another user. Can you give some clarification. I
am not an expert hence this doubt. I am using win 2003 AD.
[root at 0050568B7DEB samba-4.3.4]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
[root at 0050568B7DEB samba-4.3.4]# kinit nagaraj
Password for nagaraj at TEST.LOCAL:
[root at 0050568B7DEB samba-4.3.4]# ./bin/smbclient -L ADIR -s
/etc/samba/smb.conf -U test123 -k -d 5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
Processing section "[global]"
doing parameter workgroup = TEST
doing parameter realm = test.local
doing parameter server string = Samba Server Version %v
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter security = user
doing parameter passdb backend = tdbsam
doing parameter load printers = yes
doing parameter cups options = raw
pm_process() returned Yes
added interface eth1 ip=172.16.220.2 bcast=172.16.220.255
netmask=255.255.255.0
added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255
netmask=255.255.255.0
added interface eth2 ip=10.10.220.2 bcast=10.10.220.255
netmask=255.255.255.0
added interface eth0 ip=10.133.133.13 bcast=10.133.133.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="0050568B7DEB"
Client started (version 4.3.4).
Opening cache file at /usr/local/samba/var/cache/gencache.tdb
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
sitename_fetch: No stored sitename for TEST.LOCAL
name ADIR#20 found.
Connecting to 10.133.140.66 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 19800
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=88)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=adir$@TEST.LOCAL
cli_session_setup_spnego: using target hostname not SPNEGO principal
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
FILE:/tmp/krb5cc_0
cli_session_setup_spnego: guessed server principal=cifs/ADIR at TEST.LOCAL
Doing kerberos session setup
ads_krb5_mk_req: Advancing clock by 67 seconds to cope with clock skew
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
Fri, 01 Apr 2016 22:28:49 IST
OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003
5.2]
session setup ok
tconx ok
Sharename Type Comment
--------- ---- -------
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Bind RPC Pipe: host ADIR auth_type 0, auth_level 1
rpc_api_pipe: host ADIR
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host ADIR
rpc_read_send: data_to_read: 520
IPC$ IPC Remote IPC
C$ Disk Default share
NETLOGON Disk Logon server share
ADMIN$ Disk Remote Admin
Dashboard Disk
SYSVOL Disk Logon server share
sitename_fetch: No stored sitename for TEST.LOCAL
name ADIR#20 found.
Connecting to 10.133.140.66 at port 139
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 19800
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=88)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=adir$@TEST.LOCAL
cli_session_setup_spnego: using target hostname not SPNEGO principal
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
FILE:/tmp/krb5cc_0
cli_session_setup_spnego: guessed server principal=cifs/ADIR at TEST.LOCAL
Doing kerberos session setup
ads_krb5_mk_req: Advancing clock by 67 seconds to cope with clock skew
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
Fri, 01 Apr 2016 22:28:49 IST
OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003
5.2]
session setup ok
tconx ok
Server Comment
--------- -------
Workgroup Master
--------- -------
Thanks,
Paul
More information about the samba
mailing list