tl;dr 以最终状态smbclient -I 1.2.3.4 '\\hostname-abc\share1'
打印。是什么?Cannot do GSE to an IP address
NT_STATUS_LOGON_FAILURE
GSE
运行以下smbclient
命令
smbclient -I 1.2.3.4 '\\host-unix1\share1' --command=ls -A /tmp/auth
文件在/tmp/auth
哪里
username = user1
password = passw0rd!
domain = DOMAIN1
host-unix1
IP 地址的 SMB 服务器1.2.3.4
是 Unix 服务器。额外的身份验证由单独的 Active Directory 域控制器 Windows Server 2012 为域提供DOMAIN1
。
传递--debuglevel=99
给smbclient
导致额外的日志消息
...
negotiated dialect[SMB3_11] against server[1.2.3.4]
...
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
Cannot do GSE to an IP address
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
...
Got NTLMSSP neg_flags=0x60890215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62080215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: The attempted logon is invalid. This is either due to a bad username or authentication information.
- 使用
smbclient
4.7.6 和同样的商业 SMB 服务器