[Samba] knit and smbclient executed with different users but no error thrown
mathias dufresne
infractory at gmail.com
Mon Apr 4 09:53:24 UTC 2016
Hi Paul,

I think -U is just ignored when -k is given and a valid ticket is available.
Here you have a valid ticket, you use -k to ask smbclient to use
credentials from that ticket, and you add -U for another user.

Please try the same smbclient command without -k; it should ask you for the
password of the test123 user.

That's not a bug; for me it is a lack of documentation on how to use -k
switches with almost all samba commands.

2016-04-01 21:30 GMT+02:00 Paul Simon <paulsimon.c at gmail.com>:
> Hi,
>
> I am using different users while executing kinit and smbclient as shown
> below, but I am not getting any error. How can an initial ticket granted to
> one user be used for another user? Can you give some clarification? I
> am not an expert, hence this doubt. I am using win 2003 AD.
>
> [root at 0050568B7DEB samba-4.3.4]# klist
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
>
> [root at 0050568B7DEB samba-4.3.4]# kinit nagaraj
> Password for nagaraj at TEST.LOCAL:
>
> [root at 0050568B7DEB samba-4.3.4]# ./bin/smbclient -L ADIR -s /etc/samba/smb.conf -U test123 -k -d 5
> INFO: Current debug levels:
> all: 5
> tdb: 5
> printdrivers: 5
> lanman: 5
> smb: 5
> rpc_parse: 5
> rpc_srv: 5
> rpc_cli: 5
> passdb: 5
> sam: 5
> auth: 5
> winbind: 5
> vfs: 5
> idmap: 5
> quota: 5
> acls: 5
> locking: 5
> msdfs: 5
> dmapi: 5
> registry: 5
> scavenger: 5
> dns: 5
> ldb: 5
> tevent: 5
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
> all: 5
> tdb: 5
> printdrivers: 5
> lanman: 5
> smb: 5
> rpc_parse: 5
> rpc_srv: 5
> rpc_cli: 5
> passdb: 5
> sam: 5
> auth: 5
> winbind: 5
> vfs: 5
> idmap: 5
> quota: 5
> acls: 5
> locking: 5
> msdfs: 5
> dmapi: 5
> registry: 5
> scavenger: 5
> dns: 5
> ldb: 5
> tevent: 5
> Processing section "[global]"
> doing parameter workgroup = TEST
> doing parameter realm = test.local
> doing parameter server string = Samba Server Version %v
> doing parameter log file = /var/log/samba/log.%m
> doing parameter max log size = 50
> doing parameter security = user
> doing parameter passdb backend = tdbsam
> doing parameter load printers = yes
> doing parameter cups options = raw
> pm_process() returned Yes
> added interface eth1 ip=172.16.220.2 bcast=172.16.220.255
> netmask=255.255.255.0
> added interface virbr0 ip=192.168.122.1 bcast=192.168.122.255
> netmask=255.255.255.0
> added interface eth2 ip=10.10.220.2 bcast=10.10.220.255
> netmask=255.255.255.0
> added interface eth0 ip=10.133.133.13 bcast=10.133.133.255
> netmask=255.255.255.0
> Netbios name list:-
> my_netbios_names[0]="0050568B7DEB"
> Client started (version 4.3.4).
> Opening cache file at /usr/local/samba/var/cache/gencache.tdb
> Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
> sitename_fetch: No stored sitename for TEST.LOCAL
> name ADIR#20 found.
> Connecting to 10.133.140.66 at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 19800
> SO_RCVBUF = 87380
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> session request ok
> Doing spnego session setup (blob length=88)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.2.840.113554.1.2.2.3
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=adir$@TEST.LOCAL
> cli_session_setup_spnego: using target hostname not SPNEGO principal
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
> FILE:/tmp/krb5cc_0
> cli_session_setup_spnego: guessed server principal=cifs/ADIR at TEST.LOCAL
> Doing kerberos session setup
> ads_krb5_mk_req: Advancing clock by 67 seconds to cope with clock skew
> ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
> Fri, 01 Apr 2016 22:28:49 IST
> OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003
> 5.2]
> session setup ok
> tconx ok
> Sharename Type Comment
> --------- ---- -------
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Bind RPC Pipe: host ADIR auth_type 0, auth_level 1
> rpc_api_pipe: host ADIR
> rpc_read_send: data_to_read: 52
> check_bind_response: accepted!
> rpc_api_pipe: host ADIR
> rpc_read_send: data_to_read: 520
> IPC$ IPC Remote IPC
> C$ Disk Default share
> NETLOGON Disk Logon server share
> ADMIN$ Disk Remote Admin
> Dashboard Disk
> SYSVOL Disk Logon server share
> sitename_fetch: No stored sitename for TEST.LOCAL
> name ADIR#20 found.
> Connecting to 10.133.140.66 at port 139
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 19800
> SO_RCVBUF = 87380
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> session request ok
> Doing spnego session setup (blob length=88)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.2.840.113554.1.2.2.3
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=adir$@TEST.LOCAL
> cli_session_setup_spnego: using target hostname not SPNEGO principal
> kerberos_get_default_realm_from_ccache: Trying to read krb5 cache:
> FILE:/tmp/krb5cc_0
> cli_session_setup_spnego: guessed server principal=cifs/ADIR at TEST.LOCAL
> Doing kerberos session setup
> ads_krb5_mk_req: Advancing clock by 67 seconds to cope with clock skew
> ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration
> Fri, 01 Apr 2016 22:28:49 IST
> OS=[Windows Server 2003 3790 Service Pack 2] Server=[Windows Server 2003
> 5.2]
> session setup ok
> tconx ok
> Server Comment
> --------- -------
> Workgroup Master
> --------- -------
>
>
> Thanks,
> Paul
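
An added example, not part of the thread and not Samba's own code: a shell guard for the situation discussed above, where `smbclient -k` runs with a ticket obtained for a different user than the one named with `-U`. It parses `klist` output and refuses to continue when the cache principal is not the intended user; the function names and the sample `klist` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: guard against the -U / -k mismatch discussed in this thread.
# With -k, smbclient authenticates with the ticket found in the cache.

# Print the principal found in `klist` output read from stdin.
# Handles the MIT ("Default principal: x") and Heimdal ("Principal: x") layouts.
ccache_principal() {
    sed -n -e 's/^[[:space:]]*Default principal:[[:space:]]*//p' \
           -e 's/^[[:space:]]*Principal:[[:space:]]*//p' | head -n 1
}

# check_ticket_user WANTED_USER KLIST_TEXT
# Returns 0 when the user part of the cache principal equals WANTED_USER
# (case-insensitive), 1 on a mismatch, 2 when no principal is found.
check_ticket_user() {
    wanted=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    princ=$(printf '%s\n' "$2" | ccache_principal)
    [ -n "$princ" ] || { echo "no ticket found; run: kinit $1" >&2; return 2; }
    have=$(printf '%s' "${princ%%@*}" | tr '[:upper:]' '[:lower:]')
    if [ "$have" != "$wanted" ]; then
        echo "refusing: ticket belongs to $princ, not $1" >&2
        return 1
    fi
    return 0
}

# Hypothetical wrapper: run smbclient -k only if the ticket matches USER.
# Usage: smbclient_as USER [smbclient arguments...]
smbclient_as() {
    user=$1; shift
    check_ticket_user "$user" "$(klist 2>&1)" || return $?
    smbclient -k "$@"
}

# Constructed sample of MIT klist output for the situation in the thread.
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nagaraj@TEST.LOCAL

Valid starting     Expires            Service principal
04/01/16 12:28:49  04/01/16 22:28:49  krbtgt/TEST.LOCAL@TEST.LOCAL'

# Constructed sample of the empty-cache case shown at the top of the thread.
SAMPLE_EMPTY='klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)'
```

With the thread's values, `smbclient_as test123 -L ADIR` would stop with a mismatch message instead of silently listing shares as `nagaraj`.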