Some closed source SMB servers, check the gssapi channel bindings, and don't support the address type 255 for null bindings. Both heimdal and mit use 16 zero bytes instead of a md5 checksum of the channel bindings. See also: https://bugzilla.redhat.com/show_bug.cgi?id=645127 https://bugzilla.redhat.com/show_bug.cgi?id=622790
Created attachment 6171 [details] Patches to use krb5_auth_con_set_req_cksumtype()
Thanks Metze, any chance you could post these to the linux-cifs mailing list with a description of the problem? They look fine at first glance, aside from the bare 0x8003. It seems like that ought to have a #define'd constant added with a descriptive name.
Done, but I've extended the comment to explain where 0x8003 is comming from (RFC 4121), instead of adding a define, which would be only used in one place.
This is now in cifs-utils-4.8.1. Closing bug as FIXED.