Il giorno ven, 15/05/2020 alle 18.08 +0200, Dario Lesca ha scritto:
> I have a test environment for test samba AD MIT kerberos out of the
> box
>
> I have a AD-DC samba on Fedora 32 (addc1), a Centos 8 member server
> (centos8) and two PC windows 10 (win10a and win10b), fedora.loc is
> the
> AD domain name
>
> All work fine except access from windows to windows with remote
> desktop. I work with administrator@xxxxxxxxxx and when I try to
> accessI get a password request for this user and
>
> This is what I get into /var/log/samba/mit_kdc.log:
>
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
> {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
> UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102:
> NEEDED_PREAUTH: Administrator@FEDORA for krbtgt/FEDORA@FEDORA,
> Additional pre-authentication required
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): AS_REQ (6 etypes
> {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
> UNSUPPORTED:(-135), UNSUPPORTED:des-cbc-md5(3)}) 192.168.122.102:
> ISSUE: authtime 1589554729, etypes {rep=aes256-cts-hmac-sha1-96(18),
> tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)},
> Administrator@FEDORA for krbtgt/FEDORA@FEDORA
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ (5
> etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17),
> DEPRECATED:arcfour-hmac(23), DEPRECATED:arcfour-hmac-exp(24),
> UNSUPPORTED:(-135)}) 192.168.122.102: ISSUE: authtime 1589554729,
> etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-
> 96(18), ses=aes256-cts-hmac-sha1-96(18)}, Administrator@xxxxxxxxxx
> for TERMSRV/win10a@xxxxxxxxxx
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): TGS_REQ
> 192.168.122.102: 2ND_TKT_MISMATCH: authtime 1589554729,
> Administrator@xxxxxxxxxx for TERMSRV/win10a@xxxxxxxxxx, 2nd tkt
> client WIN10A$@FEDORA.LOC
> mag 15 16:58:49 addc1.fedora.loc krb5kdc[821](info): closing down fd
> 19
>
> If I access via file manager (\\win10a\share) from window to a shared
> folder on another windows it work.
>
> If I try to access to win10a from fedora addc1 server with xfreerdp
> utility I can access without problem, this is the log:
>
> [lesca@addc1 ~]$ xfreerdp /u:administrator@xxxxxxxxxx
> /v:win10a.fedora.loc
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.core] -
> freerdp_connect:freerdp_set_last_error_ex resetting error state
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
> - loading channelEx rdpdr
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
> - loading channelEx rdpsnd
> [18:01:32:549] [2340:2341] [INFO][com.freerdp.client.common.cmdline]
> - loading channelEx cliprdr
> [18:01:35:857] [2340:2341] [INFO][com.freerdp.primitives] -
> primitives autodetect, using optimized
> [18:01:35:864] [2340:2341] [INFO][com.freerdp.core] -
> freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex
> resetting error state
> [18:01:35:867] [2340:2341] [INFO][com.freerdp.core] -
> freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
> [18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - Certificate
> verification failure 'unable to get local issuer certificate (20)' at
> stack position 0
> [18:01:35:886] [2340:2341] [WARN][com.freerdp.crypto] - CN =
> win10a.fedora.loc
> Password:
> [18:01:39:264] [2340:2341] [INFO][com.freerdp.gdi] - Local
> framebuffer format PIXEL_FORMAT_BGRX32
> [18:01:39:265] [2340:2341] [INFO][com.freerdp.gdi] - Remote
> framebuffer format PIXEL_FORMAT_RGB16
> [18:01:40:343] [2340:2341] [INFO][com.winpr.clipboard] - initialized
> POSIX local file subsystem
> [18:01:41:829] [2340:2341] [INFO][com.freerdp.channels.rdpsnd.client]
> - Loaded fake backend for rdpsnd
> [18:02:12:906] [2340:2341] [INFO][com.freerdp.core] -
> rdp_set_error_info:freerdp_set_last_error_ex resetting error state
> [18:02:12:906] [2340:2347]
> [WARN][com.freerdp.channels.cliprdr.common] -
> [cliprdr_packet_format_list_new] called with invalid type 00000000
>
> Is this a know issue or it is a bugs?
>
> If you need some other informations let me know
>
> Many thanks
>
Is this the right place for submit this kind of question?
Or I must use another channel? what?
Many thanks
--
Dario Lesca
(inviato dal mio Linux Fedora 32 Workstation)
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
