[Samba] kinit and smbclient executed with different users but no error thrown

Paul Simon paulsimon.c at gmail.com
Fri Apr 1 19:30:04 UTC 2016


Hi,

I am using different users while executing kinit and smbclient as shown
below, but I am not getting any error. How can an initial ticket granted to
one user be used for another user? Can you give some clarification? I
am not an expert, hence this doubt. I am using Win 2003 AD.

[root at 0050568B7DEB samba-4.3.4]# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)

[root at 0050568B7DEB samba-4.3.4]# kinit nagaraj
Password for nagaraj at TEST.LOCAL:

[root at 0050568B7DEB samba-4.3.4]#  ./bin/smbclient -L ADIR -s /etc/samba/smb.conf  -U test123 -k -d 5
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
Processing section "[global]"
doing parameter workgroup = TEST
doing parameter realm = test.local
doing parameter server string = Samba Server Version %v
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 50
doing parameter security = user
doing parameter passdb backend = tdbsam
doing parameter load printers = yes
doing parameter cups options = raw
pm_process() returned Yes
added interface eth1 ip=172.16.220.2 bcast=172.16.220.255
netmask=255.255.255.0
added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255
netmask=255.255.255.0
added interface eth2 ip=10.10.220.2 bcast=10.10.220.255
netmask=255.255.255.0
added interface eth0 ip=10.133.133.13 bcast=10.133.133.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="0050568B7DEB"
Client started (version 4.3.4).
Opening cache file at /usr/local/samba/var/cache/gencache.tdb
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
sitename_fetch: No stored sitename for TEST.LOCAL
name ADIR#20 found.
Connecting to 10.133.140.66 at port 445
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 1
        TCP_KEEPCNT = 9
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 19800
        SO_RCVBUF = 87380
        SO_SNDLOWAT = 1
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
        TCP_QUICKACK = 1
        TCP_DEFER_ACCEPT = 0
 session request ok
Doing spnego session setup (blob length=88)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=adir$@TEST.LOCAL
cli_session_setup_spnego: using target hostname not SPNEGO principal
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
FILE:/tmp/krb5cc_0
cli_session_setup_spnego: guessed server principal=cifs/ADIR at TEST.LOCAL
Doing kerberos session setup
ads_krb5_mk_req: Advancing clock by 67 seconds to cope with clock skew
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
Fri, 01 Apr 2016 22:28:49 IST
OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003
5.2]
 session setup ok
 tconx ok
        Sharename       Type      Comment
        ---------       ----      -------
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Bind RPC Pipe: host ADIR auth_type 0, auth_level 1
rpc_api_pipe: host ADIR
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host ADIR
rpc_read_send: data_to_read: 520
        IPC$            IPC       Remote IPC
        C$              Disk      Default share
        NETLOGON        Disk      Logon server share
        ADMIN$          Disk      Remote Admin
        Dashboard       Disk
        SYSVOL          Disk      Logon server share
sitename_fetch: No stored sitename for TEST.LOCAL
name ADIR#20 found.
Connecting to 10.133.140.66 at port 139
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 1
        TCP_KEEPCNT = 9
        TCP_KEEPIDLE = 7200
        TCP_KEEPINTVL = 75
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 19800
        SO_RCVBUF = 87380
        SO_SNDLOWAT = 1
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
        TCP_QUICKACK = 1
        TCP_DEFER_ACCEPT = 0
 session request ok
Doing spnego session setup (blob length=88)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=adir$@TEST.LOCAL
cli_session_setup_spnego: using target hostname not SPNEGO principal
kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
FILE:/tmp/krb5cc_0
cli_session_setup_spnego: guessed server principal=cifs/ADIR at TEST.LOCAL
Doing kerberos session setup
ads_krb5_mk_req: Advancing clock by 67 seconds to cope with clock skew
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
Fri, 01 Apr 2016 22:28:49 IST
OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003
5.2]
 session setup ok
 tconx ok
        Server               Comment
        ---------            -------
        Workgroup            Master
        ---------            -------


Thanks,
Paul

