Bug 1479451

Summary: Unable to authenticate against AD with kerberos using the `net' command
Product: Red Hat Enterprise Linux 7 Reporter: Ming Davies <minyu>
Component: sambaAssignee: jstephen
Status: CLOSED ERRATA QA Contact: Andrej Dzilský <adzilsky>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: adzilsky, asn, dpal, gdeschner, jarrpa, jstephen, minyu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: samba-4.9.1-3.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-08-06 12:45:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ming Davies 2017-08-08 14:54:57 UTC 
Description of problem:
Customer said that it is no longer possible to authenticate against AD with kerberos using the `net' command. Every time they tried to using "net -k2, the net command attempted to use anonymous user against AD.

#kinit <username>
Password for <username>@<DOMAINNAME>: 
#net -d 1 -k -S HOSTNAME.FQDN RPC GETSID 
Cannot connect to server (anonymously).  Error was NT_STATUS_INVALID_PARAMETER_MIX
Connection failed: NT_STATUS_INVALID_PARAMETER_MIX
failed to make ipc connection: NT_STATUS_INVALID_PARAMETER_MIX


<<<It's working if trying the same command but without kerberos
# net -d 1 -U <usnername> -S HOSTNAME.FQDN  RPC GETSID 
Enter <username>'s password:
Storing SID S-1-5-21-1749005735-216031810-3716667389 for Domain DHCP10-210 in secrets.tdb

Version-Release number of selected component (if applicable):
samba-4.4.4-14.el7_3.x86_64

How reproducible:
I have not managed to reproduce the issue inhouse

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 4 Andreas Schneider 2017-08-10 06:50:14 UTC 
Can you get a network trace for this?
Comment 13 errata-xmlrpc 2019-08-06 12:45:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:2099