[linux-cifs-client] Using mount.cifs with krb5/SPNEGO Win2k3 share
Seb James
seb at esfnet.co.uk
Tue Feb 5 12:21:55 GMT 2008
Hi List,
I'm having a real problem mounting a share on a Windows 2003 server, and
the problem seems related to the authentication methods available on the
server.
Symptoms:
The call to mount.cifs appears to mount the share, and df -h shows the
share, but I cannot write any data to the share.
Server Setup:
The share has been set up on the Win2k3 server with write access
allowed for this user - I have been sent a screenshot of the share's
"Properties" window. I don't have any control over the Win2k3 server
myself. I don't have any info from the admin about what authentication
methods they are using.
Client software versions:
root at cifsclient:root # mount.cifs --version
mount.cifs version: 1.10-3.0.24
Linux kernel version is 2.6.11 (yes, I know it's old).
Reading the Manual:
I seem to have discovered (by reading the Linux CIFS Client Guide)
that this is an authentication/kerberos issue - the site certainly
uses Active Directory to a fairly great extent and I suspect they are
using krb5/spnego authentication. Do the attached logs bear this out?
(Aside: What does spnego stand for?)
Questions:
* Should I be able to use NTLMv2 with this site if I (use the) backport
version 1.47 (or later) of the cifs client into my 2.6.11 kernel?
* Is Kerberos support available in cifs version 1.50 (The latest
mainline version as I write this)?
* What should I look for in the cifsFYI (or smbclient debug) output to
work out what authentication schemes the server provides/requires?
Debug Output:
I've appended the cifsFYI output from the cifsclient syslog here, for
the mount/attempt-to-create-file/unmount actions.
The machine running the mount.cifs command is called "cifsclient".
The domain is SRVDOM and the share name is LOGSPACE. The username for
this share is LOGSPACE also and the password is 12345.
In DebugData, I think I need to understand this:
Capabilities: 0x1f3fd
and also this:
1) \\172.20.3.62\logspace Uses: 1 Type: NTFS Characteristics: 0x20 Attributes: 0x700ff
- in particular the Attributes.
I will go and have a look at the kernel source to figure these out..
Many thanks for reading,
Seb James
First we mount the share:
root at cifsclient:/tmp # mount.cifs \\\\172.20.3.62\\logspace /tmp/log -o user='SRVDOM\LOGSPACE',pass='12345',ip=172.20.3.62
root at cifsclient:/tmp #
Output in syslog (/proc/fs/cifs/cifsFYI is set to "1"):
-------------------
Feb 5 10:50:54 cifsclient kernel: fs/cifs/cifsfs.c: Devname: //172.20.3.62/logspace flags: 64
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 79 with uid: 0
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Domain name set
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Username: LOGSPACE
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: UNC: \\172.20.3.62\logspace ip: 172.20.3.62
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Socket created
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Existing smb sess not found
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: For smb_command 114
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 47
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Demultiplex PID: 716
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x77)
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Mid 0x70 matched - waking up
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Security Mode: 0xf Capabilities: 0x1f3fd Time Zone: 0
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: In sesssetup
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: For smb_command 115
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 286
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0xcb)
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Mid 0x71 matched - waking up
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: UID = 34819
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: CIFS Session Established successfully
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: file mode: 0x7f7 dir mode: 0x1ff
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: For smb_command 117
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 94
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x42)
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Mid 0x72 matched - waking up
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Tcon flags: 0x1
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: CIFS Tcon rc = 0
Feb 5 10:50:54 cifsclient kernel: fs/cifs/cifssmb.c: In QFSDeviceInfo
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: For smb_command 50
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 68
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x44)
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Mid 0x73 matched - waking up
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:50:54 cifsclient kernel: fs/cifs/cifssmb.c: In QFSAttributeInfo
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: For smb_command 50
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 68
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x50)
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Mid 0x74 matched - waking up
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 79) rc = 0
Feb 5 10:50:54 cifsclient kernel: fs/cifs/inode.c: CIFS VFS: in cifs_read_inode as Xid: 80 with uid: 0
Feb 5 10:50:54 cifsclient kernel: fs/cifs/inode.c: Getting info on
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: For smb_command 50
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 74
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x98)
Feb 5 10:50:54 cifsclient kernel: fs/cifs/connect.c: Mid 0x75 matched - waking up
Feb 5 10:50:54 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:50:54 cifsclient kernel: fs/cifs/inode.c: Old time 0
Feb 5 10:50:54 cifsclient kernel: fs/cifs/inode.c: New time 2582816
Feb 5 10:50:54 cifsclient kernel: fs/cifs/inode.c: Directory inode
-------------------
And the output From DebugData:
root at cifsclient:/tmp # cat /proc/fs/cifs/DebugData
Display Internal CIFS Data Structures for Debugging
---------------------------------------------------
Servers:
1) Name: 172.20.3.62 Domain: SRVDOM Mounts: 1 ServerOS: Windows Server 2003 R2 3790 Service Pack 2
ServerNOS: Windows Server 2003 R2 5.2 Capabilities: 0x1f3fd
SMB session status: 1 TCP status: 1
Local Users To Server: 1 SecMode: 0xf Req Active: 0
MIDs:
Shares:
1) \\172.20.3.62\logspace Uses: 1 Type: NTFS Characteristics: 0x20 Attributes: 0x700ff
PathComponentMax: 255 Status: 1 type: DISK
root at cifsclient:/tmp #
Second: Now that the share is mounted, let's try to create a test file:
root at cifsclient:/tmp # touch log/testfile
touch: log/testfile: Permission denied
root at cifsclient:/tmp #
Output in syslog:
-----------------------
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: CIFS VFS: in cifs_lookup as Xid: 81 with uid: 0
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: parent inode = 0xf6c6fdec name is: testfile and dentry = 0xf72de900
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: NULL inode in lookup
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: Full path: \testfile inode = 0x00000000
Feb 5 10:53:24 cifsclient kernel: fs/cifs/inode.c: Getting info on \testfile
Feb 5 10:53:24 cifsclient kernel: fs/cifs/transport.c: For smb_command 50
Feb 5 10:53:24 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 92
Feb 5 10:53:24 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x27)
Feb 5 10:53:24 cifsclient kernel: fs/cifs/connect.c: Mid 0x76 matched - waking up
Feb 5 10:53:24 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:53:24 cifsclient kernel: Status code returned 0xc0000034 NT_STATUS_OBJECT_NAME_NOT_FOUND
Feb 5 10:53:24 cifsclient kernel: fs/cifs/netmisc.c: !!Mapping smb error code 2 to POSIX err -2 !!
Feb 5 10:53:24 cifsclient kernel: fs/cifs/cifssmb.c: Send error in QPathInfo = -2
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: CIFS VFS: leaving cifs_lookup (xid = 81) rc = 0
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: CIFS VFS: in cifs_create as Xid: 82 with uid: 0
Feb 5 10:53:24 cifsclient kernel: fs/cifs/transport.c: For smb_command 162
Feb 5 10:53:24 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 104
Feb 5 10:53:24 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x27)
Feb 5 10:53:24 cifsclient kernel: fs/cifs/connect.c: Mid 0x77 matched - waking up
Feb 5 10:53:24 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:53:24 cifsclient kernel: Status code returned 0xc0000022 NT_STATUS_ACCESS_DENIED
Feb 5 10:53:24 cifsclient kernel: fs/cifs/netmisc.c: !!Mapping smb error code 5 to POSIX err -13 !!
Feb 5 10:53:24 cifsclient kernel: fs/cifs/cifssmb.c: Error in Open = -13
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: cifs_create returned 0xfffffff3
Feb 5 10:53:24 cifsclient kernel: fs/cifs/dir.c: CIFS VFS: leaving cifs_create (xid = 82) rc = -13
-----------------------
Third: unmount the share again:
root at cifsclient:/tmp # umount /tmp/log
root at cifsclient:/tmp #
-----------------------
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: CIFS VFS: in cifs_revalidate as Xid: 83 with uid: 0
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: Revalidate: inode 0xf6c6fdec count 1 dentry: 0xf72debd0 d_time 0 jiffies 2806797
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: Getting info on
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: For smb_command 50
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 74
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x98)
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Mid 0x78 matched - waking up
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: Old time 2582816
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: New time 2806797
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: Directory inode
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: cifs_revalidate - inode unchanged
Feb 5 10:54:38 cifsclient kernel: fs/cifs/inode.c: CIFS VFS: leaving cifs_revalidate (xid = 83) rc = 0
Feb 5 10:54:38 cifsclient kernel: fs/cifs/cifsfs.c: In cifs_put_super
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: CIFS VFS: in cifs_umount as Xid: 84 with uid: 0
Feb 5 10:54:38 cifsclient kernel: fs/cifs/cifssmb.c: In tree disconnect
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: For smb_command 113
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 35
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x27)
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Mid 0x79 matched - waking up
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: About to do SMBLogoff
Feb 5 10:54:38 cifsclient kernel: fs/cifs/cifssmb.c: In SMBLogoff for session disconnect
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: For smb_command 116
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: Sending smb of length 39
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x2b)
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Mid 0x7a matched - waking up
Feb 5 10:54:38 cifsclient kernel: fs/cifs/transport.c: Unexpected signature received from server
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Waking up socket by sending it signal
Feb 5 10:54:38 cifsclient kernel: fs/cifs/connect.c: Wait for exit from demultiplex thread
Feb 5 10:54:39 cifsclient kernel: fs/cifs/connect.c: CIFS VFS: leaving cifs_umount (xid = 84) rc = 0
-----------------------
More information about the linux-cifs-client
mailing list