[Samba] making smbclient work with a DFS setup where mount.cifs does work / disabling krb5 for testing?

Ralph Boehme slow at samba.org
Thu Jan 13 10:08:30 UTC 2022


On 1/13/22 00:24, Dr. Thomas Orgis via samba wrote:
> # smbclient -d 7 -U user at domain.suffix //ad.domain.suffix/daten
> INFO: Current debug levels:

fwiw, to get useful logs use loglevel 10. Anything below is useless for 
debugging. Anything above is rarely adding anything important.

> […]
> My question at that point: It very much looks like smbclient is trying
> to get things running using krb5 authentication. I'm pretty sure that
> mount.cifs is not attempting that. Is there some way to make smbclient
> try something else? Or fall back to NTLMSSP? I only found an option to
> explicitly _enforce_ krb5, not disable it.

It depends on the version. Iirc in older versions -k no? In 4.15 

You could also just use the server IP instead of the DNS name, that will 
implicitly prevent Kerberos from being used.

> I'd like to debug smbclient not working and any possible path down into
> Kerberos realms separately. I do remember trying krb5 explicitly on a
> system where kinit/klist worked just fine getting a ticket, but I got
> the same „Message stream modified“ error when trying to access DFS
> links. On that system, mount.cifs also doesn't do the trick with DFS.
> There could be all kinds of fun with network limitations for machines
> not in segregated Windows networks, so I am trying to establish a
> baseline here on a system that is just fine with the DFS using
> mount.cifs.

Well, for debugging the DFS issue a network trace and loglevel 10 log 
would be helpful and the hopefully someone has some spare time to look 
into those logs.


Ralph Boehme, Samba Team                 https://samba.org/
SerNet Samba Team Lead      https://sernet.de/en/team-samba
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20220113/8608846e/OpenPGP_signature.sig>

More information about the samba mailing list