Hans van Leeuwen
2024-Oct-29 14:08 UTC
[Samba] Kerberos ticket renew causes a brief network interruption
Hi Ralph Boehme,>> My hotfolderscan tool start om Monday 2:11 PM en the Kerberos ticket renewal occurs on 11:19 PM. >> The hotfolderscantool wrote in the logfile: >> 2024-10-28 23:19:00 Error 2 No such file or directory >>> 2024-10-28 23:19:03 Share available again >> >> That was after 9:08 hours and that is 32888 seconds. >> That time do you also see in the Wireshark output in the attachment.>there's only a screenshot and it only shows encrypted packets. We need unencrypted SMB and the pcap file. You'll likely have to upload it somewhere where >you can share a download link.>We'll only need the last 60 seconds or so, not the whole pcap if it's big.>And again: we need the same against a Windows server to check for differences.Kerberos is used to encrypt the SMB packages. When I use unencrypted SMB, Kerberos is not used and the problem doesn't occur. I have a pcap file from SMB against a Windows server, but nothing went wrong, so I don't how late the Kerberos ticket renewal. That pcap file contains also encrypted packets, so I don't know how to find the packets on the moment that the Kerberos ticket renewal. This discussion is much like the long discussion with Synology's second line support. Finally, Synology's second line support ran my hotdolderscan.exe tool internally at their place and that cleared things up. Best regards, Hans van Leeuwen -----Original Message----- From: Ralph Boehme <slow at samba.org> Sent: Tuesday, October 29, 2024 11:40 AM To: Hans van Leeuwen <HansvanLeeuwen at mailstreet.nl> Cc: samba at lists.samba.org Subject: Re: [Samba] Kerberos ticket renew causes a brief network interruption LET OP: Deze e-mail is afkomstig van buiten de organisatie. Klik niet op links of open geen bijlagen tenzij je zeker weet dat je de afzender herkent.
Ralph Boehme
2024-Oct-29 14:46 UTC
[Samba] Kerberos ticket renew causes a brief network interruption
On 10/29/24 3:08 PM, Hans van Leeuwen wrote:> Kerberos is used to encrypt the SMB packages.encryption is done with one of the supported encryption ciphers like AES-CCM or AES-GCM. Encryption keys are derived from key material established when a connection is authenticated via NTLM or Kerberos, but generally the authentication protocol used (NTLM or Kerberos) is independent from encrypting SMB or not. To disable encryption support on the Samba server you can set "server smb encrypt = no". However, if the client is configured to require encryption, connection establishment might fail.> When I use unencrypted > SMB, Kerberos is not used and the problem doesn't occur.Hm, see above, these are two independent things: authentication and encryption. Generally, a client can use Kerberos for authentication but then use unencrypted SMB just fine.> I have a pcap file from SMB against a Windows server, but nothing > went wrong, so I don't how late the Kerberos ticket renewal. That > pcap file contains also encrypted packets, so I don't know how to > find the packets on the moment that the Kerberos ticket renewal. > > This discussion is much like the long discussion with Synology's > second line support. Finally, Synology's second line support ran my > hotdolderscan.exe tool internally at their place and that cleared > things up.rofl, I'm sorry that a seasoned Samba engineer doesn't do any better then Synology's 2nd level support! :))) -slow -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20241029/21097dd4/OpenPGP_signature.sig>
Reasonably Related Threads
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption