[linux-cifs-client] CIFS and Namespaces (pam_namespace.so)

Jeff Layton jlayton at redhat.com
Tue Dec 18 13:24:07 GMT 2007


On Tue, 18 Dec 2007 14:00:10 +0100
Wilhelm Meier <wilhelm.meier at fh-kl.de> wrote:

> On Monday, 17 December 2007, Jeff Layton wrote:
> > On Mon, 17 Dec 2007 20:42:27 +0100
> >
> > Wilhelm Meier <wilhelm.meier at fh-kl.de> wrote:
> > > On Monday, 17 December 2007, you wrote:
> > > > On Mon, 17 Dec 2007 15:52:00 +0100
> > > >
> > > > Wilhelm Meier <wilhelm.meier at fh-kl.de> wrote:
> > > > > Hi,
> > > > >
> > > > > I'm trying to use cifs-mounts and namespaces together. I set
> > > > > up a client machine which mounts user-homes and public
> > > > > directories, e.g.
> > > > >
> > > > > /home/tester (is mounted from //server/homes/tester,
> > > > > uid=tester)
> > > > >
> > > > > /var/lib/cifs/public_inst/tester (is mounted from
> > > > > //server/public, uid=tester)
> > > > >
> > > > > and with pam_namespace.so
> > > > >
> > > > > /home/public is bind-mounted from
> > > > > /var/lib/cifs/public_inst/tester in the new namespace.
> > > > >
> > > > > If I try this with an additional user (replace tester with
> > > > > tester2 in the above example) simultaneously on the same
> > > > > machine, I got
> > > > >
> > > > > CIFS VFS: cifs_mount failed w/return code = -13
> > > > >
> > > > > Any hints?
> > > >
> > > > Are you using signatures?
> > >
> > > No.
> >
> > Then disabling them probably won't help, but it might be worth a
> > shot...
> >
> > > > I've been working some with kerberos
> > > > mounts today and have found that CIFS tries to share TCP
> > > > sessions between users, but that doesn't seem to be working
> > > > well with signatures enabled (you need different signing keys,
> > > > etc).
> > >
> > > This might be a problem due to the different namespaces ...
> >
> > Possibly, but I tend to think that the namespace thing is pretty
> > orthogonal to the inner workings of CIFS.
> >
> > > > You may
> > > > want to try disabling signatures and see if that works around
> > > > the problem.
> > >
> > > How do I do that?
> >
> > Presuming that you're using the default value for SecurityFlags:
> >
> > echo 0x6 > /proc/fs/cifs/SecurityFlags
> >
> > ...should disable them and leave the other settings intact.
> 
> ok, thank you.
> 
> But the problem remains: the first mount for the first user on the 
> machine is ok (before the first namespace-operation takes place). All 
> cifs-mounts afterwards fail.
> 
> >
> > SecurityFlags is a bitmask, and the meaning of it is in the README
> > file in the fs/cifs dir in the kernel source tree.
> 
> ok, found it.
> 
> >
> > Note that many servers require signatures so you may need to
> > disable that requirement server-side as well.
> 
> It's Samba without any special flags in smb.conf, so signing is off I 
> think.
> 
> Can you give me any further hints where to start to investigate the 
> problem further?
> 

It must be something with namespaces then. I'm afraid I've not looked
at them closely, so I can't recommend much at this point. One thing
that might be helpful is turning up cifsFYI and seeing if that shows
anything useful in the ring buffer:

# echo 7 > /proc/fs/cifs/cifsFYI

If you get it figured out, please let us know.

-- 
Jeff Layton <jlayton at redhat.com>
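
Added example, not part of the original thread: a shell helper that decodes a SecurityFlags value into per-mechanism "off/may/must" states and reports what changes between two values, such as a mask with the signing bit set (0x7, assumed here) and the 0x6 suggested above. The bit layout is assumed from the fs/cifs README of kernels of that period, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode the CIFS SecurityFlags bitmask.
# Assumed layout (fs/cifs README, 2.6.2x-era kernels; verify against your tree):
#   "may use" bits: signing 0x1, NTLM 0x2, NTLMv2 0x4, Kerberos 0x8,
#                   lanman 0x10, plaintext 0x20
#   "must use" bit for each mechanism = its "may" bit shifted left by 12
#   (e.g. must use packet signing = 0x01001).

# decode_secflags VALUE
# Prints one line per mechanism: "<name>: off|may|must"
decode_secflags() {
    val=$(( $1 ))
    for entry in signing:0x1 ntlm:0x2 ntlmv2:0x4 kerberos:0x8 \
                 lanman:0x10 plaintext:0x20; do
        name=${entry%%:*}
        may=$(( ${entry##*:} ))
        must=$(( may << 12 ))
        if [ $(( val & must )) -ne 0 ]; then
            state=must
        elif [ $(( val & may )) -ne 0 ]; then
            state=may
        else
            state=off
        fi
        echo "$name: $state"
    done
}

# secflags_diff OLD NEW
# Prints only the mechanisms whose state differs between the two masks,
# so a change meant to touch signing alone can be checked before it is
# written to /proc/fs/cifs/SecurityFlags.
secflags_diff() {
    before=$(decode_secflags "$1")
    decode_secflags "$2" | while IFS= read -r line; do
        name=${line%%:*}
        was=$(printf '%s\n' "$before" | grep "^$name:")
        [ "$was" = "$line" ] || echo "$name: ${was#*: } -> ${line#*: }"
    done
}

# Example use (reads the live value on a host with the cifs module loaded):
#   decode_secflags "$(cat /proc/fs/cifs/SecurityFlags)"
#   secflags_diff 0x7 0x6
```

Any lanman or plaintext line that is not "off" in the decoded output means weak password hashing is permitted for mounts from that client.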

