2016-04-13 07:13 AM
last night our Linux-Servers made an update of samba from 3.6.23-25 to 3.6.23-30. After that, no smblient is possible to our NetApp:
Domain=[STADT-MH.DE] OS=[Windows Server 2008 R2 Standard 7601 Service Pack 1] Server=[Windows Server 2008 R2 Standard 6.1]
ntlmssp3_handle_neg_flags: Got challenge flags[0x60898205] - possible downgrade detected! missing_flags[0x00000010] - NT_STATUS_RPC_SEC_PKG_ERROR
session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
did you forget to run kinit?
Rolling back to samba 3.6.23-25 works! But we want to fix the security-issues with samba 3.6.23-25.
Server-OS is CentOS6, NetApp is 8.3.1P2 Cdot.
Solved! SEE THE SOLUTION
2016-04-18 05:32 AM
Hi, we have the same errors. We can connect with smbclient to several servers, but when we want to connect to a netapp, we get the error message:
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
ntlmssp_handle_neg_flags: Got challenge flags[0x60898205] - possible downgrade detected! missing_flags[0x00000010] - NT code 0x80090302
SPNEGO(ntlmssp) login failed: NT code 0x80090302
SPNEGO login failed: NT code 0x80090302
session setup failed: NT code 0x80090302
I also compiled Samba 4.4.2 by myself, but no luck ...
2016-04-18 11:02 PM
Unfortunately, there is no official support for RedHat smb clients on NetApp platform.
2016-04-19 11:07 AM
This looks like a failure to support an essential component of the Samba feature set. If the failing feature is part of the RFC for Samba, this isn't about Red Hat client, but about adherence to standards.
In my case just now, the workaround to turn spneg off seems to work. Not exactly a nice way to have to deal with this. What changed in the standards that the NetApp support for Samba isn't keeping up with?
2016-04-20 03:25 AM
client use spnego = no works for me to connect to the SVM. Thanks a lot
But when I connect to an DFS, I get the following error:
session setup failed: NT_STATUS_INVALID_PARAMETER
2016-05-26 04:25 AM
This also breaks 'rpcclient' calls to the netapp now.
Btw, this behavior changes depending on whehter you have SMB signing turned on or not under the 'cifs' options section.