Ralph Boehme
2024-Oct-29 14:46 UTC
[Samba] Kerberos ticket renew causes a brief network interruption
On 10/29/24 3:08 PM, Hans van Leeuwen wrote:> Kerberos is used to encrypt the SMB packages.encryption is done with one of the supported encryption ciphers like AES-CCM or AES-GCM. Encryption keys are derived from key material established when a connection is authenticated via NTLM or Kerberos, but generally the authentication protocol used (NTLM or Kerberos) is independent from encrypting SMB or not. To disable encryption support on the Samba server you can set "server smb encrypt = no". However, if the client is configured to require encryption, connection establishment might fail.> When I use unencrypted > SMB, Kerberos is not used and the problem doesn't occur.Hm, see above, these are two independent things: authentication and encryption. Generally, a client can use Kerberos for authentication but then use unencrypted SMB just fine.> I have a pcap file from SMB against a Windows server, but nothing > went wrong, so I don't how late the Kerberos ticket renewal. That > pcap file contains also encrypted packets, so I don't know how to > find the packets on the moment that the Kerberos ticket renewal. > > This discussion is much like the long discussion with Synology's > second line support. Finally, Synology's second line support ran my > hotdolderscan.exe tool internally at their place and that cleared > things up.rofl, I'm sorry that a seasoned Samba engineer doesn't do any better then Synology's 2nd level support! :))) -slow -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/ SAMBA+ packages https://samba.plus/ -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20241029/21097dd4/OpenPGP_signature.sig>
Hans van Leeuwen
2024-Oct-29 15:09 UTC
[Samba] Kerberos ticket renew causes a brief network interruption
Hi Ralph Boehme, With "server smb encrypt = no" I can't reproduce the problem. So I don't know how I can deliver you a pcap file with unencrypted network packets. Best regards, Hans van Leeuwen -----Original Message----- From: Ralph Boehme <slow at samba.org> Sent: Tuesday, October 29, 2024 3:47 PM To: Hans van Leeuwen <HansvanLeeuwen at mailstreet.nl> Cc: samba at lists.samba.org Subject: Re: [Samba] Kerberos ticket renew causes a brief network interruption
Maybe Matching Threads
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption
- Kerberos ticket renew causes a brief network interruption