[Samba] ef205f6b52e "s3:gse: get an explicit ccache_name" breaks kerberos auth in smbclient
Michael Tokarev
mjt at tls.msk.ru
Tue Dec 31 20:49:22 UTC 2024

FWIW, samba 4.20 broke kerberos auth in smbclient. Namely, this commit:

commit ef205f6b52ea1fec13e647e15e4f3edf536fd93e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Apr 14 15:23:13 2022 +0200

    s3:gse: get an explicit ccache_name from creds and kinit if required

    This means we may call kinit multiple times for now,
    but we'll remove the kinit from the callers soon.

Before this one (using kinit):

  $ smbclient -U mjt@TLS.MSK.RU -N //tsrv/mjt
  Try "help" to get a list of possible commands.
  smb: \>

After this commit:

  $ smbclient -U mjt@TLS.MSK.RU -N //tsrv/mjt -d5
  ...
  gensec_gse_client_prepare_ccache: No password for user principal[mjt@TLS.MSK.RU]
  Failed to start GENSEC client mech gse_krb5: NT_STATUS_INVALID_PARAMETER
  ...
  session setup failed: NT_STATUS_LOGON_FAILURE

This is still happening in current master.
I guess this wasn't an intended behavior :)

Thanks,

/mjt