Bug 15855 - testparm problem validating "sync machine password to keytab" setting
Summary: testparm problem validating "sync machine password to keytab" setting
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools (show other bugs)
Version: 4.22.1
Hardware: All Linux
: P5 minor (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-05-15 13:57 UTC by pietsch
Modified: 2025-05-18 22:58 UTC (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description pietsch 2025-05-15 13:57:55 UTC 
When configuring the setting "sync machine password to keytab" the testparm utility doesn't validate the settings correctly and/or the corresponding examples in the smb.conf man are invalid.

The smb.conf man page lists some examples for the "sync machine password to keytab" setting. With some of them the testparm utility is generating an error message:

- "/path/to/keytab8:sync_account_name:sync_upn:sync_spns:spn_prefixes=host,cifs,http:spns=wurst/brot@REALM:sync_kvno:machine_password" generates an error 
  "ERROR: unknown option 'spns=wurst/brot@REALM'"

- "/path/to/keytab:host:account_name:sync_spns:sync_kvno:machine_password" (the winbind example) generates the error:
   "ERROR: unknown option 'sync_spns' in line: /path/to/keytab:host:account_name:sync_spns:sync_kvno:machine_password"

The settings seems to be applied correctly as in the keytab8 example the resulting keytab does contain the "wurst/brot@REALM" spn afterwards.

The issue occurred with a samba cluster setup with version 4.22.1-Debian-4.22.1+dfsg-1~bpo12+1 from debian bookworm-backports.