[kde-linux] SPNEGO Fails for Konqueror

Mike Thrift mike at connectusnet.com
Wed Nov 2 15:16:49 UTC 2005 

Hi,
    I've asked this question in a number of locations, and I've seen 
many instances of a similar problem, most of these instances go 
unanswered.  I have asked this question in various ways, after 
researching more each time, and I have yet to get an answer.  Googling 
list archives such as samba's archives, kde's archives, and others, have 
revealed no fixes for this problem.
    My setup is a FC4 box setup on a Win2003 Active Directory Domain.  I 
can confirm my connection to the domain, and I authenticate without 
problems to the domain.  Running a klist shows my current tickets, and 
issuing the command: smbclient //xyz/abc -k drops me into the share I 
request without hesitation.  Yet, for some reason, attempting to access 
the same share through KDE using: konqueror //xyz/abc prompts me for a 
password, and leaves the following in my .xsession-errors:

Connecting to [SERVER IP] at port 445
 session request ok
Doing spnego session setup (blob length=112)
got OID=1 2 840 48018 1 2 2
got OID=1 2 840 113554 1 2 2
got OID=1 2 840 113554 1 2 2 3
got OID=1 3 6 1 4 1 311 2 2 10
got principal=[SERVER NAME]$@[DOMAIN]
Got challenge flags:
Got NTLMSSP neg_flags=0x62890215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
 session setup ok
smbc errno NT_STATUS_ACCESS_DENIED -> 13

I have noticed that smbclient will only drop me into the share when I 
issue the -k flag, and doesn't assume kerberos auth by default, maybe 
that's the problem in KDE?  Does anybody have any idea why this wouldn't 
work?  What I've read concerning NTLM, spnego etc. is that it is all 
enabled by default, and it's clear that my system is attempting to 
authenticate, but something just isn't clicking.  Any help or 
suggestions are greatly appreciated.  My software versions are:

KDE 3.4.2
samba-common-3.0.14a-2
samba-3.0.14a-2
samba-client-3.0.14a-2
pam_krb5-2.1.7-3
krb5-auth-dialog-0.2-5
krb5-libs-1.4.1-5
krb5-workstation-1.4.1-5

Thanks again!
Mike.

More information about the kde-linux mailing list