diff --git a/testing/btest/Baseline/scripts.base.protocols.krb.smb_gssapi/kerberos.log b/testing/btest/Baseline/scripts.base.protocols.krb.smb_gssapi/kerberos.log
new file mode 100644
index 0000000000..d55cd5281a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.krb.smb_gssapi/kerberos.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	kerberos
+#open	2017-09-17-21-25-06
+#fields	ts	uid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	request_type	client	service	success	error_msg	from	till	cipher	forwardable	renewable	client_cert_subject	client_cert_fuid	server_cert_subject	server_cert_fuid
+#types	time	string	addr	port	addr	port	string	string	string	bool	string	time	time	string	bool	bool	string	string	string	string
+1165958411.822000	CHhAvVGS1DHFjwGM9	10.24.64.228	1227	10.24.8.44	445	-	-	-	-	-	-	-	-	-	-	-	-	-	-
+#close	2017-09-17-21-25-06
diff --git a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test
index 5cc223657b..f4995cd2f6 100644
--- a/testing/btest/scripts/base/protocols/krb/smb_gssapi.test
+++ b/testing/btest/scripts/base/protocols/krb/smb_gssapi.test
@@ -3,8 +3,9 @@
 #   SMB authentication event and therfore relies on the SMB
 #   analyzer as well.
 
-# @TEST-EXEC: bro -b -r $TRACES/krb/smb_gssapi.trace %INPUT
+# @TEST-EXEC: bro -b -C -r $TRACES/krb/smb_gssapi.trace %INPUT
 # @TEST-EXEC: btest-diff kerberos.log
+# @TEST-EXEC: btest-diff-rst scripts.base.protocols.krb
 
 @load base/protocols/krb
-@load base/protocols/smb
+@load policy/protocols/smb