-I have a trouble when I try connect to my samba server 4.1 using Ubuntu 14.04 client (using the same steps on Fedora 22 client I can connect fine). -klist and kinit works fine in both systems; -kerberos version 5 1.12; -using the "smbclient -K //server/share -d3" I got (snipped): Doing kerberos session setup krb5_init_context failed (invalid argument) cli_session_setup_kerberos: spnego_gen_krb5_negTokenInit failed: invalid argument SPNEGO login failed: Undetermined error session setup failed: NT_STATUS_UNSUCCESSFUL Here my krb5.conf: #File modified by ipa-client-install includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = OTHERNAME dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h forwardable = yes [realms] OTHERNAME = { pkinit_anchors = FILE:/etc/ipa/ca.crt } [domain_realm] .othername = OTHERNAME othername = OTHERNAME [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log I cant identify if I have missing or incorrect parameters in any .conf file. I appreciate any help about this issue. Thank you
(In reply to marcio from comment #0) Hey Marcio, Is problem fixed with youngest smbclient? samba-4.7.1 does not incorporate the function cli_session_setup_kerberos_send() samba-3.6.23 static struct tevent_req *cli_session_setup_kerberos_send(){ /* * Ok, this is cheating: spnego_gen_krb5_negTokenInit can block if * we have to acquire a ticket. To be fixed later :-) */ rc = spnego_gen_krb5_negTokenInit(state, principal, 0, &state->negTokenTarg, &state->session_key_krb5, 0, NULL); if (rc) { DEBUG(1, ("cli_session_setup_kerberos: " "spnego_gen_krb5_negTokenInit failed: %s\n", error_message(rc))); state->ads_status = ADS_ERROR_KRB5(rc); tevent_req_nterror(req, NT_STATUS_UNSUCCESSFUL); return tevent_req_post(req, ev); } } There have been changes in SPNego protocol handling with krb5-1.15. My constraint is I don't have Ubuntu box, mea culpa can not repro.
This isn't a Samba bug, it is caused by having an 'includedir' line in krb5.conf, Heimdal doesn't know anything about this.