From nobody Wed Mar 26 21:56:08 2025
X-Original-To: ports-bugs@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZNLG11S2sz5rG8M
	for <ports-bugs@mlmmj.nyi.freebsd.org>; Wed, 26 Mar 2025 21:56:09 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4ZNLG0740nz3TFk
	for <ports-bugs@FreeBSD.org>; Wed, 26 Mar 2025 21:56:08 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1743026169;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=da2l6krHkagHHJSJTjXge1XHtGt4RWpiqUWGzXe2J8Q=;
	b=OwaY0SMiJNoeI50jMFRpJUD/JQjQ3EL6ntIMJLFnvumF4x/+Yb88Fcxe0KS1wTq63jmtdH
	zB27qUKJFNGo1G3JzoKRsKr6PuMWtY5cOJPFOl05Nsf8JPLB4tYQ9SFHx0EqnBGpge6lkC
	B5/+DPD0FuNE6xYd1rzXxyiwDdUznybjPSXEBtAe7YZN5cxntpkev1F3XMQ7nbeS2a/NZ0
	tYu2LznAPwlSbIBOVSBV0OaihJb+tnkRGWZdyCV+KDd3cU0NlS2h30e89Gs/lvOEQ3EGYC
	3MelJCOqCyjE2lCf1mdfiDrWmn7FE/zSysC7GO3/Vn5eJYVXhiYZOIT8+TALKw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743026169; a=rsa-sha256; cv=none;
	b=KE5ecmuNoO786X0hKmd7OOdj900W6idOST/FpxKtU3e6ar1GNlC8tUyZ4DJ+JqXLU7z2Sl
	veWOMYHPtvapxEqKxZ9EtsSPm/ZnQTKTJrXggMNY3bl4S2xkr+b8G/YJAqwmQccV+yMjvz
	uCEUZcwXzLFvHzJnZU9JOYehku8giPzGM90dZkVRP+urnGF2GIRALtsn0iSZPqOo17OgGf
	rLOsycGZl0PWsy+aHwVgaX3UdF6E8Gr8MjM7ebYh9X5moxi9uM2r47d9CAqs/kqV4qQDSc
	zOtLLltNGaiIJ01oKYKC7UVkURDLT8i8zqxf8mvY0lqR09Vq4AeoPqSAMsOS3Q==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1743026169;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=da2l6krHkagHHJSJTjXge1XHtGt4RWpiqUWGzXe2J8Q=;
	b=PGdlijfGVhBFEKZYm6QNmdYPg7lTICddb+LRlKzEVhhdn8OlyaxsZ+lecQLWXLMlXDe5bX
	pJP2ReSMKP+JH4vWnrbdU2LHIeDEnAEkxpY2exjmx1CvBshHik7lFV0yp0TdJ2zLbA3TDU
	B8o/qwSbhUvm4ItdNrmazztgNCHBxb1f0RCKA02jiPyvju2hl0v1gU09/CYczqyxt1tEoX
	xSe76SxtvALkjqmHvzaUsghxq4OTtT9QL95/ts3uZ642q3JOMmz06ociq1qkdJ2E4ZimCA
	thsmz5C7c8PZFSogFAGEBsqc5YOoH6IWHyCD2C5huv0eatYK28qHpk7a1h84Zw==
Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZNLG06gTzzCw1
	for <ports-bugs@FreeBSD.org>; Wed, 26 Mar 2025 21:56:08 +0000 (UTC)
	(envelope-from bugzilla-noreply@freebsd.org)
Received: from kenobi.freebsd.org ([127.0.1.5])
	by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 52QLu8CB064649
	for <ports-bugs@FreeBSD.org>; Wed, 26 Mar 2025 21:56:08 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
Received: (from www@localhost)
	by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 52QLu8T9064647
	for ports-bugs@FreeBSD.org; Wed, 26 Mar 2025 21:56:08 GMT
	(envelope-from bugzilla-noreply@freebsd.org)
X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 285682] net/samba416: Wrong Content in DOMAIN Sent from FreeBSD
Date: Wed, 26 Mar 2025 21:56:08 +0000
X-Bugzilla-Reason: AssignedTo
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: Ports & Packages
X-Bugzilla-Component: Individual Port(s)
X-Bugzilla-Version: Latest
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: vermaden@interia.pl
X-Bugzilla-Status: New
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: ---
X-Bugzilla-Assigned-To: samba@FreeBSD.org
X-Bugzilla-Flags: maintainer-feedback?
X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform
 op_sys bug_status bug_severity priority component assigned_to reporter
 flagtypes.name attachments.created
Message-ID: <bug-285682-7788@https.bugs.freebsd.org/bugzilla/>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/
Auto-Submitted: auto-generated
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-ports-bugs
List-Help: <mailto:ports-bugs+help@freebsd.org>
List-Post: <mailto:ports-bugs@freebsd.org>
List-Subscribe: <mailto:ports-bugs+subscribe@freebsd.org>
List-Unsubscribe: <mailto:ports-bugs+unsubscribe@freebsd.org>
X-BeenThere: freebsd-ports-bugs@freebsd.org
Sender: owner-freebsd-ports-bugs@FreeBSD.org
MIME-Version: 1.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D285682

            Bug ID: 285682
           Summary: net/samba416: Wrong Content in DOMAIN Sent from
                    FreeBSD
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: samba@FreeBSD.org
          Reporter: vermaden@interia.pl
             Flags: maintainer-feedback?(samba@FreeBSD.org)
          Assignee: samba@FreeBSD.org

Created attachment 259061
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D259061&action=
=3Dedit
client-bsd.out.png

Hi,

this will be a very low level and complicated case - along with Red Hat IDM
attachment.

The idea behind all of this is 'simple':
1. We have FreeBSD host attached to Red Hat IDM for logging over sshd(8) or
local on console with IDM user/password.
2. Same FreeBSD system has Samba server running - also attached to IDM.
3. Any system - NOT attached to IDM - can mount that FreeBSD Samba share wi=
th
user/password from IDM.

The hosts in the environment are:

- 172.27.0.30    haziz.bsdtest.xyz        Red Hat IDM @ RHEL 8.10
- 172.27.0.31    mukuku.bsdtest.xyz       Samba RHEL 8.10 Server
- 172.27.33.211  haziz-samba.bsdtest.xyz  Samba FreeBSD 14.2-RELEASE Server
- 172.27.33.202  client.lab.org           RHEL 8.10 Samba Client

I have joined FreeBSD 14.2-RELEASE machine to IDM this way:
-
https://vermaden.wordpress.com/2024/06/23/freebsd-samba-share-freeipa-idm-a=
uth/

Now - I can have a working solution using my 'ipasam.so' library method - a=
lso
described in details in the above URL from my blog - but a Senior Solution
Architect from Red Hat IDM department said - the 'ipasam.so' library should
only be used on IDM server and never on IDM client (as I do) and that this
'hack' is not guaranteed to last forever - so I wanted to configure FreeBSD
Samba server the 'official' Red Hat way ... and looking at packets gathered
with tcpdump(8) it does not work as 'advertised' on FreeBSD side.

The Red Hat documentation regarding attaching Samba server to Red Hat IDM is
here:
-
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/co=
nfiguring_and_managing_identity_management/setting-up-samba-on-an-idm-domai=
n-member_configuring-and-managing-idm

Now - for the details.


Command I used to mount the Samba share from FreeBSD 14.2-RELEASE Samba ser=
ver:

[root@client ~]# mount.cifs -v //172.27.33.211/data /mnt -o
username=3Dsamba-test,domain=3DBSDTEST.XYZ


Command I used to mount the Samba share from RHEL 8.10 Samba server:

[root@client ~]# mount.cifs -v //172.27.0.31/data /mnt -o
username=3Dsamba-test,domain=3DBSDTEST.XYZ


Samba config on FreeBSD 14.2-RELEASE system:

root@haziz-samba:~ # cat /usr/local/etc/smb4.conf=20
[global]
  max smbd processes =3D 1000
  server role =3D member server
  dedicated keytab file    =3D FILE:/usr/local/etc/smb4.keytab
  kerberos method          =3D dedicated keytab
  log file                 =3D /var/log/samba.log
  log level                =3D 1

  workgroup                =3D BSDTEST
  realm                    =3D BSDTEST.XYZ
  netbios name             =3D HAZIZ-SAMBA

  idmap config * : range =3D 0 - 0
  idmap config * : backend =3D tdb
  idmap config BSDTEST : range =3D 1631600000 - 1631799999
  idmap config BSDTEST : backend =3D sss

  state directory          =3D /var/lib/samba4
  cache directory          =3D /var/lib/samba4
  include                  =3D registry

[data]
  path       =3D /data
  writeable  =3D yes
  browsable  =3D yes
  public     =3D no
  write list =3D samba-user


Sa,ba config on RHEL 8.10 system:

[root@mukuku ~]# cat /etc/samba/smb.conf

[global]
  max smbd processes =3D 1000
  server role =3D member server
  dedicated keytab file =3D FILE:/etc/samba/samba.keytab
  kerberos method =3D dedicated keytab
  log file                 =3D /var/log/samba.log
  log level                =3D 1

  workgroup =3D BSDTEST
  realm =3D BSDTEST.XYZ
  netbios name =3D MUKUKU

  idmap config * : range =3D 0 - 0
  idmap config * : backend =3D tdb
  idmap config BSDTEST : range =3D 1631600000 - 1631799999
  idmap config BSDTEST : backend =3D sss

[data]
  path       =3D /data
  writeable  =3D yes
  browsable  =3D yes
  public     =3D no
  write list =3D samba-user


Please take a look at the attached images:
- client-bsd.out.png
- client-rhel.out.png

These are tcpdump(8) dumps in Wireshare showing the problem.

That instead of 'domain' the FreeBSD Samba server sends 'NETBIOS NAME' in t=
he
'DOMAIN' part ...

Not sure what I can add here more ...

Let me know if I can.

Regards,
vermaden

--=20
You are receiving this mail because:
You are the assignee for the bug.=