Re: Fedora 32: samba 4.12.2: Problem with access from win10b to win10a via remote desktop
Il giorno dom, 17/05/2020 alle 16.08 +0200, Dario Lesca ha scritto: > Done: https://bugzilla.redhat.com/show_bug.cgi?id=1836630 I must fill a bug also on samba's bugzilla? -- Dario Lesca (inviato dal mio Linux Fedora 32 Workstation) ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: Fedora 32: samba 4.12.2: Problem with access from win10b to win10a via remote desktop
Il giorno sab, 16/05/2020 alle 22.17 +0300, Alexander Bokovoy ha scritto: > Please open a bug in bugzilla. Done: https://bugzilla.redhat.com/show_bug.cgi?id=1836630 -- Dario Lesca (inviato dal mio Linux Fedora 32 Workstation) ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: Fedora 32: samba 4.12.2: Problem with access from win10b to win10a via remote desktop
On la, 16 touko 2020, Dario Lesca wrote:
Il giorno ven, 15/05/2020 alle 18.08 +0200, Dario Lesca ha scritto:
I have a test environment for test samba AD MIT kerberos out of the
box
I have a AD-DC samba on Fedora 32 (addc1), a Centos 8 member server
(centos8) and two PC windows 10 (win10a and win10b), fedora.loc is
the
AD domain name
All work fine except access from windows to windows with remote
desktop. I work with administra...@fedora.loc and when I try to
accessI get a password request for this user and
This is what I get into /var/log/samba/mit_kdc.log:
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102:
NEEDED_PREAUTH: Administrator@FEDORA for krbtgt/FEDORA@FEDORA,
Additional pre-authentication required
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
19
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102:
ISSUE: authtime 1589554729, etypes {rep=aes256-cts-hmac-sha1-96(18),
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
Administrator@FEDORA for krbtgt/FEDORA@FEDORA
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
19
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ (5
etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
UNSUPPORTED:(-135)}) 192.168.122.102: ISSUE: authtime 1589554729,
etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-
96(18), ses=aes256-cts-hmac-sha1-96(18)}, administra...@fedora.loc
for TERMSRV/win...@fedora.loc
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
19
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ
192.168.122.102: 2ND_TKT_MISMATCH: authtime 1589554729,
administra...@fedora.loc for TERMSRV/win...@fedora.loc, 2nd tkt
client WIN10A$@FEDORA.LOC
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
19
If I access via file manager (\\win10a\share) from window to a shared
folder on another windows it work.
If I try to access to win10a from fedora addc1 server with xfreerdp
utility I can access without problem, this is the log:
[lesca@addc1 ~]$ xfreerdp /u:administra...@fedora.loc
/v:win10a.fedora.loc
[18:01:32:549] [2340:2341] [INFO][com.freerdp.core] -
freerdp_connect:freerdp_set_last_error_ex resetting error state
[18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
- loading channelEx rdpdr
[18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
- loading channelEx rdpsnd
[18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
- loading channelEx cliprdr
[18:01:35:857] [2340:2341] [INFO][com.freerdp.primitives] -
primitives autodetect, using optimized
[18:01:35:864] [2340:2341] [INFO][com.freerdp.core] -
freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex
resetting error state
[18:01:35:867] [2340:2341] [INFO][com.freerdp.core] -
freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - Certificate
verification failure 'unable to get local issuer certificate (20)' at
stack position 0
[18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - CN =
win10a.fedora.loc
Password:
[18:01:39:264] [2340:2341] [INFO][com.freerdp.gdi] - Local
framebuffer format PIXEL_FORMAT_BGRX32
[18:01:39:265] [2340:2341] [INFO][com.freerdp.gdi] - Remote
framebuffer format PIXEL_FORMAT_RGB16
[18:01:40:343] [2340:2341] [INFO][com.winpr.clipboard] - initialized
POSIX local file subsystem
[18:01:41:829] [2340:2341] [INFO][com.freerdp.channels.rdpsnd.client]
- Loaded fake backend for rdpsnd
[18:02:12:906] [2340:2341] [INFO][com.freerdp.core] -
rdp_set_error_info:freerdp_set_last_error_ex resetting error state
[18:02:12:906] [2340:2347]
[WARN][com.freerdp.channels.cliprdr.common] -
[cliprdr_packet_format_list_new] called with invalid type
Is this a know issue or it is a bugs?
If you need some other informations let me know
Many thanks
Is this the right place for submit this kind of question?
Or I must use another channel? what?
Please open a bug in bugzilla.
This is one of user-to-user authentication cases that aren't implemented
properly in MIT Kerberos and Samba AD for aliases (SPNs) of the machine
account:
19 mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ
192.168.122.102: 2ND_TKT_MISMATCH: authtime 1589554729,
administra...@fedora.loc for TERMSRV/win...@fedora.loc, 2nd tkt
client WIN10A$@FEDORA.LOC
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
From Windows point of view TERMSRV/win10a is a service principal
Re: Fedora 32: samba 4.12.2: Problem with access from win10b to win10a via remote desktop
Il giorno ven, 15/05/2020 alle 18.08 +0200, Dario Lesca ha scritto:
> I have a test environment for test samba AD MIT kerberos out of the
> box
>
> I have a AD-DC samba on Fedora 32 (addc1), a Centos 8 member server
> (centos8) and two PC windows 10 (win10a and win10b), fedora.loc is
> the
> AD domain name
>
> All work fine except access from windows to windows with remote
> desktop. I work with administra...@fedora.loc and when I try to
> accessI get a password request for this user and
>
> This is what I get into /var/log/samba/mit_kdc.log:
>
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
> {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
> UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102:
> NEEDED_PREAUTH: Administrator@FEDORA for krbtgt/FEDORA@FEDORA,
> Additional pre-authentication required
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
> {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
> UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102:
> ISSUE: authtime 1589554729, etypes {rep=aes256-cts-hmac-sha1-96(18),
> tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
> Administrator@FEDORA for krbtgt/FEDORA@FEDORA
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ (5
> etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
> UNSUPPORTED:(-135)}) 192.168.122.102: ISSUE: authtime 1589554729,
> etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-
> 96(18), ses=aes256-cts-hmac-sha1-96(18)}, administra...@fedora.loc
> for TERMSRV/win...@fedora.loc
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ
> 192.168.122.102: 2ND_TKT_MISMATCH: authtime 1589554729,
> administra...@fedora.loc for TERMSRV/win...@fedora.loc, 2nd tkt
> client WIN10A$@FEDORA.LOC
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
>
> If I access via file manager (\\win10a\share) from window to a shared
> folder on another windows it work.
>
> If I try to access to win10a from fedora addc1 server with xfreerdp
> utility I can access without problem, this is the log:
>
> [lesca@addc1 ~]$ xfreerdp /u:administra...@fedora.loc
> /v:win10a.fedora.loc
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.core] -
> freerdp_connect:freerdp_set_last_error_ex resetting error state
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
> - loading channelEx rdpdr
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
> - loading channelEx rdpsnd
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
> - loading channelEx cliprdr
> [18:01:35:857] [2340:2341] [INFO][com.freerdp.primitives] -
> primitives autodetect, using optimized
> [18:01:35:864] [2340:2341] [INFO][com.freerdp.core] -
> freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex
> resetting error state
> [18:01:35:867] [2340:2341] [INFO][com.freerdp.core] -
> freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
> [18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - Certificate
> verification failure 'unable to get local issuer certificate (20)' at
> stack position 0
> [18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - CN =
> win10a.fedora.loc
> Password:
> [18:01:39:264] [2340:2341] [INFO][com.freerdp.gdi] - Local
> framebuffer format PIXEL_FORMAT_BGRX32
> [18:01:39:265] [2340:2341] [INFO][com.freerdp.gdi] - Remote
> framebuffer format PIXEL_FORMAT_RGB16
> [18:01:40:343] [2340:2341] [INFO][com.winpr.clipboard] - initialized
> POSIX local file subsystem
> [18:01:41:829] [2340:2341] [INFO][com.freerdp.channels.rdpsnd.client]
> - Loaded fake backend for rdpsnd
> [18:02:12:906] [2340:2341] [INFO][com.freerdp.core] -
> rdp_set_error_info:freerdp_set_last_error_ex resetting error state
> [18:02:12:906] [2340:2347]
> [WARN][com.freerdp.channels.cliprdr.common] -
> [cliprdr_packet_format_list_new] called with invalid type
>
> Is this a know issue or it is a bugs?
>
> If you need some other informations let me know
>
> Many thanks
>
Is this the right place for submit this kind of question?
Or I must use another channel? what?
Many thanks
--
Dario Lesca
(inviato dal mio Linux Fedora 32 Workstation)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
Fedora 32: samba 4.12.2: Problem with access from win10b to win10a via remote desktop
I have a test environment for test samba AD MIT kerberos out of the box
I have a AD-DC samba on Fedora 32 (addc1), a Centos 8 member server
(centos8) and two PC windows 10 (win10a and win10b), fedora.loc is the
AD domain name
All work fine except access from windows to windows with remote
desktop. I work with administra...@fedora.loc and when I try to accessI get a
password request for this user and
This is what I get into /var/log/samba/mit_kdc.log:
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102:
NEEDED_PREAUTH: Administrator@FEDORA for krbtgt/FEDORA@FEDORA, Additional
pre-authentication required
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd 19
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102: ISSUE:
authtime 1589554729, etypes {rep=aes256-cts-hmac-sha1-96(18),
tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
Administrator@FEDORA for krbtgt/FEDORA@FEDORA
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd 19
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ (5 etypes
{aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
UNSUPPORTED:(-135)}) 192.168.122.102: ISSUE: authtime 1589554729, etypes
{rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18),
ses=aes256-cts-hmac-sha1-96(18)}, administra...@fedora.loc for
TERMSRV/win...@fedora.loc
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd 19
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ 192.168.122.102:
2ND_TKT_MISMATCH: authtime 1589554729, administra...@fedora.loc for
TERMSRV/win...@fedora.loc, 2nd tkt client WIN10A$@FEDORA.LOC
mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd 19
If I access via file manager (\\win10a\share) from window to a shared
folder on another windows it work.
If I try to access to win10a from fedora addc1 server with xfreerdp
utility I can access without problem, this is the log:
[lesca@addc1 ~]$ xfreerdp /u:administra...@fedora.loc /v:win10a.fedora.loc
[18:01:32:549] [2340:2341] [INFO][com.freerdp.core] -
freerdp_connect:freerdp_set_last_error_ex resetting error state
[18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline] - loading
channelEx rdpdr
[18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline] - loading
channelEx rdpsnd
[18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline] - loading
channelEx cliprdr
[18:01:35:857] [2340:2341] [INFO][com.freerdp.primitives] - primitives
autodetect, using optimized
[18:01:35:864] [2340:2341] [INFO][com.freerdp.core] -
freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error
state
[18:01:35:867] [2340:2341] [INFO][com.freerdp.core] -
freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - Certificate
verification failure 'unable to get local issuer certificate (20)' at stack
position 0
[18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - CN = win10a.fedora.loc
Password:
[18:01:39:264] [2340:2341] [INFO][com.freerdp.gdi] - Local framebuffer format
PIXEL_FORMAT_BGRX32
[18:01:39:265] [2340:2341] [INFO][com.freerdp.gdi] - Remote framebuffer format
PIXEL_FORMAT_RGB16
[18:01:40:343] [2340:2341] [INFO][com.winpr.clipboard] - initialized POSIX
local file subsystem
[18:01:41:829] [2340:2341] [INFO][com.freerdp.channels.rdpsnd.client] - Loaded
fake backend for rdpsnd
[18:02:12:906] [2340:2341] [INFO][com.freerdp.core] -
rdp_set_error_info:freerdp_set_last_error_ex resetting error state
[18:02:12:906] [2340:2347] [WARN][com.freerdp.channels.cliprdr.common] -
[cliprdr_packet_format_list_new] called with invalid type
Is this a know issue or it is a bugs?
If you need some other informations let me know
Many thanks
--
Dario Lesca
(inviato dal mio Linux Fedora 32 Workstation)
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
