[linux-cifs-client] CIFS and Namespaces (pam_namespace.so)
Jeff Layton
jlayton at redhat.com
Mon Dec 17 19:50:20 GMT 2007
On Mon, 17 Dec 2007 20:42:27 +0100
Wilhelm Meier <wilhelm.meier at fh-kl.de> wrote:
> Am Montag, 17. Dezember 2007 schrieben Sie:
> > On Mon, 17 Dec 2007 15:52:00 +0100
> >
> > Wilhelm Meier <wilhelm.meier at fh-kl.de> wrote:
> > > Hi,
> > >
> > > I'm trying to use cifs-mounts and namespaces together. I set up
> > > an client machine which mounts user-homes and public directories,
> > > e.d.
> > >
> > > /home/tester (is mounted from //server/homes/tester, uid=tester)
> > >
> > > /var/lib/cifs/public_inst/tester (is mounted from
> > > //server/public, uid=tester)
> > >
> > > and with pam_namespace.so
> > >
> > > /home/public is bind-mounted from
> > > /var/lib/cifs/public_inst/tester in the new namespace.
> > >
> > > If I try this with an additional uses (replace tester with
> > > tester2 in the aboce example) simultaneously on the same machine,
> > > I got
> > >
> > > CIFS VFS: cifs_mount failed w/return code = -13
> > >
> > > Any hints?
> >
> > Are you using signatures?
>
> No.
>
Then disabling them probably won't help, but it might be worth a shot...
> > I've been working some with kerberos
> > mounts today and have found that CIFS tries to share TCP sessions
> > between users, but that doesn't seem to be working well with
> > signatures enabled (you need different signing keys, etc).
>
> This might be a problem due to the different namespaces ...
>
Possibly, but I tend to think that the namespace thing is pretty
orthogonal to the inner workings of CIFS.
> > You may
> > want to try disabling signatures and see if that works around the
> > problem.
>
> How do I do that?
>
>
Presuming that you're using the default value for SecurityFlags:
echo 0x6 > /proc/fs/cifs/SecurityFlags
...should disable them and leave the other settings intact.
SecurityFlags is a bitmask, and the meaning of it is in the README file
in the fs/cifs dir in the kernel source tree.
Note that many servers require signatures so you may need to disable
that requirement server-side as well.
--
Jeff Layton <jlayton at redhat.com>
More information about the linux-cifs-client
mailing list