[Samba] smbclient with kerberos

[Rowland Penny]

On Sat, 2021-11-13 at 16:25 +0100, Stefan Kania via samba wrote:
> 	Error verifying signature: parse error
> --------------ms070005030707000005080303
> Content-Type: text/plain; charset=utf-8
> Content-Language: en-US
> Content-Transfer-Encoding: quoted-printable
> 
> I just tested the following:
> smb.conf
> =2E..
> client use kerberos =3D required
> =2E..
> 
> root at addc01:~# klist
> klist: No ticket file: /tmp/krb5cc_0
> 
> root at addc01:~# smbclient -L addc01 -U administrator
> Password for [EXAMPLE\administrator]:
> 
>         Sharename       Type      Comment
>         ---------       ----      -------
>         sysvol          Disk
>         netlogon        Disk
>         IPC$            IPC       IPC Service (Samba 4.15.1-Debian)
> SMB1 disabled -- no workgroup available
> 
> root at addc01:~# klist
> klist: No ticket file: /tmp/krb5cc_0
> 
> So using smbclient without Kerberos is still possible if "client use
> kerberos =3D required" is set. As I understand the manpage, it should
> not=
> 
> be possible to authenticate via password (NTLM).
> 
> Only an anonymous use of smbclient is not working:
> root at addc01:~# smbclient -L addc01
> Password for [EXAMPLE\root]:RETURN
> gensec_spnego_client_negTokenInit_step: Could not find a suitable
> mechtype in NEG_TOKEN_INIT
> session setup failed: NT_STATUS_INVALID_PARAMETER
> 
> What did I miss?

A big 'N' :-)

smbclient -NL addc01

Rowland