Bug 11933 - After upgrading to 4.3.9 lost possibility to login to NetApp using Kerberos
After upgrading to 4.3.9 lost possibility to login to NetApp using Kerberos
Status: NEEDINFO
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient
4.3.9
All All
: P5 regression
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-05-24 15:35 UTC by Dariusz Gadomski
Modified: 2016-06-02 07:14 UTC (History)
1 user (show)

See Also:


Attachments
smbclient -d 10 (17.83 KB, text/plain)
2016-05-24 15:35 UTC, Dariusz Gadomski
no flags Details
edited ascii export of tcpdump (167.73 KB, text/plain)
2016-06-02 07:14 UTC, void
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dariusz Gadomski 2016-05-24 15:35:33 UTC
Created attachment 12129 [details]
smbclient -d 10

Observed on Ubuntu 14.04 and 16.04.
The problem started right after upgrade to 4.3.9 and was working fine with 4.1.6 before that.

What was expected:
smbclient was expected to access the NetApp share

What actually happened:
NT_STATUS_NOT_SUPPORTED is returned instead

Attaching a smbclient log with -d 10 switch.
Comment 1 Jeremy Allison 2016-05-24 19:59:50 UTC
Can you get wireshark traces of the krb5 login working (4.1.6) and failing (4.3.9) so we can compare ?

Thanks !
Comment 2 Dariusz Gadomski 2016-05-30 07:59:26 UTC
Thank Jeremy. Unfortunately I was unable to downgrade to a clean and working environment.

Is there anything else I could provide to identify the cause of the issue?
Comment 3 Jeremy Allison 2016-05-31 21:10:03 UTC
Well a wireshark trace of it failing would still help. Try getting a wireshark trace of a Windows client working for comparison.
Comment 4 void 2016-06-01 12:08:15 UTC
I could reproduce this with Samba 4.3.9 on Fedora 23. After removing client max protocol = smb3 (thus replacing it with default), it works.

I guess NetApp does not yet support SMB3_11 (default if client max protocol = smb3)
Comment 5 void 2016-06-01 12:32:08 UTC
Ok, checked again, it is not because of the version, it seems to be FSCTL_VALIDATE_NEGOTIATE_INFO returning NT_STATUS_NOT_SUPPORTED. If using version NT1 this is not used.
Comment 6 Stefan Metzmacher 2016-06-01 13:55:37 UTC
(In reply to void from comment #5)

Can you provide a network capture for the failing case,
see https://wiki.samba.org/index.php/Capture_Packets
Comment 7 void 2016-06-02 07:14:44 UTC
Created attachment 12158 [details]
edited ascii export of tcpdump

I can attach a somewhat edited ascii export of a tcpdump done during smbclient -k //fileserver.fqdn/Folder. Server fileserver.fqdn is the NetApp. Client is smbclient 4.3.9. 

Hope this somewhat helps.