The Samba-Bugzilla – Bug 11933
After upgrading to 4.3.9 lost possibility to login to NetApp using Kerberos
Last modified: 2016-06-02 07:14:44 UTC
Created attachment 12129 [details]
smbclient -d 10
Observed on Ubuntu 14.04 and 16.04.
The problem started right after upgrade to 4.3.9 and was working fine with 4.1.6 before that.
What was expected:
smbclient was expected to access the NetApp share
What actually happened:
NT_STATUS_NOT_SUPPORTED is returned instead
Attaching a smbclient log with -d 10 switch.
Can you get wireshark traces of the krb5 login working (4.1.6) and failing (4.3.9) so we can compare ?
Thank Jeremy. Unfortunately I was unable to downgrade to a clean and working environment.
Is there anything else I could provide to identify the cause of the issue?
Well a wireshark trace of it failing would still help. Try getting a wireshark trace of a Windows client working for comparison.
I could reproduce this with Samba 4.3.9 on Fedora 23. After removing client max protocol = smb3 (thus replacing it with default), it works.
I guess NetApp does not yet support SMB3_11 (default if client max protocol = smb3)
Ok, checked again, it is not because of the version, it seems to be FSCTL_VALIDATE_NEGOTIATE_INFO returning NT_STATUS_NOT_SUPPORTED. If using version NT1 this is not used.
(In reply to void from comment #5)
Can you provide a network capture for the failing case,
Created attachment 12158 [details]
edited ascii export of tcpdump
I can attach a somewhat edited ascii export of a tcpdump done during smbclient -k //fileserver.fqdn/Folder. Server fileserver.fqdn is the NetApp. Client is smbclient 4.3.9.
Hope this somewhat helps.