Project

General

Profile

Bug #20386

SMB changes caused LDAP QA test regressions?

Added by Joe Maloney over 3 years ago. Updated over 3 years ago.

Status:
Closed: Behaves correctly
Priority:
Expected
Assignee:
Joe Maloney
Category:
OS
Target version:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

John,

Since this build which shows your commits we have been unable to get LDAP tests to pass:

https://builds.ixsystems.com/jenkins/view/QA%20Tests/view/All/job/FreeNAS%209.10%20-%20Master%20-%20Install%20QA%20Tests/564/

The same tests are passing in the FreeNAS STABLE branch:

https://builds.ixsystems.com/jenkins/view/QA%20Tests/view/All/job/FreeNAS%209.10%20-%20STABLE%20-%20Install%20QA%20Tests/

Is this something you can take a look at soon?

History

#1 Avatar?id=14398&size=24x24 Updated by Kris Moore over 3 years ago

  • Target version set to 9.10.3

#2 Avatar?id=14398&size=24x24 Updated by Kris Moore over 3 years ago

  • Priority changed from No priority to Expected

#3 Updated by John Hixson over 3 years ago

  • Status changed from Unscreened to Screened

#4 Updated by John Hixson over 3 years ago

I propose we use smbclient for QA tests. This will eliminate any problems.

#5 Updated by John Hixson over 3 years ago

To elaborate further, I am not sure why mount_smbfs is failing. I also don't think it's worth the time to dig in or fix if necessary ;-) I have confirmed that both AD and LDAP work just fine with newer version of samba. The only place I see failing is using mount_smbfs, and I see this for both AD and LDAP. If you guys feel that this requires "fixing" then I can spend more time on it.

#6 Updated by John Hixson over 3 years ago

Actually, we should probably support mount_smbfs ;-) I will continue to look into this.

#7 Updated by Joe Maloney over 3 years ago

John,
I found a workaround.

From the release notes:

NTLMv1 authentication disabled by default
-----------------------------------------

In order to improve security we have changed
the default value for the "ntlm auth" option from
"yes" to "no". This may have impact on very old
clients which doesn't support NTLMv2 yet.

The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

By default, Samba will only allow NTLMv2 via NTLMSSP now,
as we have the following default "lanman auth = no",
"ntlm auth = no" and "raw NTLMv2 auth = no".

I added the following to auxiliary parameters:

lanman auth = yes
ntlm auth = yes
raw NTLMv2 auth = yes

Now I can authenticate.

#8 Updated by John Hixson over 3 years ago

  • Assignee changed from John Hixson to Joe Maloney

Joe Maloney wrote:

John,
I found a workaround.

From the release notes:

NTLMv1 authentication disabled by default
-----------------------------------------

In order to improve security we have changed
the default value for the "ntlm auth" option from
"yes" to "no". This may have impact on very old
clients which doesn't support NTLMv2 yet.

The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.

By default, Samba will only allow NTLMv2 via NTLMSSP now,
as we have the following default "lanman auth = no",
"ntlm auth = no" and "raw NTLMv2 auth = no".

I added the following to auxiliary parameters:

lanman auth = yes
ntlm auth = yes
raw NTLMv2 auth = yes

Now I can authenticate.

It looks like I was chasing down 2 different rabbit holes. This is correct for LDAP and works ;-) Confirmed here as well.

#9 Updated by Joe Maloney over 3 years ago

  • Status changed from Screened to Closed: Behaves correctly

Good enough for me. I went ahead, and just enabled the auxiliary parameters in the tests to work around mount_smbfs.

https://github.com/iXsystems/ixbuild/commit/fc17e4c124a1392bc3973500f20ea3f77618f662

#10 Avatar?id=14398&size=24x24 Updated by Kris Moore over 3 years ago

  • Target version changed from 9.10.3 to N/A

#11 Updated by Dru Lavigne almost 3 years ago

  • File deleted (debug-fn910mtest-20170119092102.tgz)

Also available in: Atom PDF