[Bug 285682] net/samba416: Wrong Content in DOMAIN Sent from FreeBSD
Date: Wed, 26 Mar 2025 21:56:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285682

            Bug ID: 285682
           Summary: net/samba416: Wrong Content in DOMAIN Sent from FreeBSD
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: samba@FreeBSD.org
          Reporter: vermaden@interia.pl
             Flags: maintainer-feedback?(samba@FreeBSD.org)

Created attachment 259061
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=259061&action=edit
client-bsd.out.png

Hi,

this will be a very low level and complicated case - along with Red Hat IDM attachment.

The idea behind all of this is 'simple':

1. We have a FreeBSD host attached to Red Hat IDM for logging in over sshd(8) or locally on console with IDM user/password.
2. The same FreeBSD system has a Samba server running - also attached to IDM.
3. Any system - NOT attached to IDM - can mount that FreeBSD Samba share with user/password from IDM.

The hosts in the environment are:

- 172.27.0.30    haziz.bsdtest.xyz        Red Hat IDM @ RHEL 8.10
- 172.27.0.31    mukuku.bsdtest.xyz       Samba RHEL 8.10 Server
- 172.27.33.211  haziz-samba.bsdtest.xyz  Samba FreeBSD 14.2-RELEASE Server
- 172.27.33.202  client.lab.org           RHEL 8.10 Samba Client

I have joined the FreeBSD 14.2-RELEASE machine to IDM this way:

- https://vermaden.wordpress.com/2024/06/23/freebsd-samba-share-freeipa-idm-auth/

Now - I can have a working solution using my 'ipasam.so' library method - also described in detail in the above URL from my blog - but a Senior Solution Architect from the Red Hat IDM department said the 'ipasam.so' library should only be used on the IDM server and never on an IDM client (as I do) and that this 'hack' is not guaranteed to last forever - so I wanted to configure the FreeBSD Samba server the 'official' Red Hat way ... and looking at packets gathered with tcpdump(8) it does not work as 'advertised' on the FreeBSD side.

The Red Hat documentation regarding attaching a Samba server to Red Hat IDM is here:

- https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_identity_management/setting-up-samba-on-an-idm-domain-member_configuring-and-managing-idm

Now - for the details.

Command I used to mount the Samba share from the FreeBSD 14.2-RELEASE Samba server:

  [root@client ~]# mount.cifs -v //172.27.33.211/data /mnt -o username=samba-test,domain=BSDTEST.XYZ

Command I used to mount the Samba share from the RHEL 8.10 Samba server:

  [root@client ~]# mount.cifs -v //172.27.0.31/data /mnt -o username=samba-test,domain=BSDTEST.XYZ

Samba config on the FreeBSD 14.2-RELEASE system:

  root@haziz-samba:~ # cat /usr/local/etc/smb4.conf
  [global]
    max smbd processes = 1000
    server role = member server
    dedicated keytab file = FILE:/usr/local/etc/smb4.keytab
    kerberos method = dedicated keytab
    log file = /var/log/samba.log
    log level = 1
    workgroup = BSDTEST
    realm = BSDTEST.XYZ
    netbios name = HAZIZ-SAMBA
    idmap config * : range = 0 - 0
    idmap config * : backend = tdb
    idmap config BSDTEST : range = 1631600000 - 1631799999
    idmap config BSDTEST : backend = sss
    state directory = /var/lib/samba4
    cache directory = /var/lib/samba4
    include = registry

  [data]
    path = /data
    writeable = yes
    browsable = yes
    public = no
    write list = samba-user

Samba config on the RHEL 8.10 system:

  [root@mukuku ~]# cat /etc/samba/smb.conf
  [global]
    max smbd processes = 1000
    server role = member server
    dedicated keytab file = FILE:/etc/samba/samba.keytab
    kerberos method = dedicated keytab
    log file = /var/log/samba.log
    log level = 1
    workgroup = BSDTEST
    realm = BSDTEST.XYZ
    netbios name = MUKUKU
    idmap config * : range = 0 - 0
    idmap config * : backend = tdb
    idmap config BSDTEST : range = 1631600000 - 1631799999
    idmap config BSDTEST : backend = sss

  [data]
    path = /data
    writeable = yes
    browsable = yes
    public = no
    write list = samba-user

Please take a look at the attached images:

- client-bsd.out.png
- client-rhel.out.png

These are tcpdump(8) dumps in Wireshark showing the problem: instead of 'domain', the FreeBSD Samba server sends 'NETBIOS NAME' in the 'DOMAIN' part ...

Not sure what more I can add here ... Let me know if I can.

Regards,
vermaden

--
You are receiving this mail because:
You are the assignee for the bug.