[linux-cifs-client] Problems mounting CIFS ressources with Kerberos

Sébastien Canchon scanchon at gmail.com
Fri Jul 11 12:34:38 GMT 2008 

 Hello,

I have some Linux boxes, which are added on a AD domain by Samba.
Recently, with the Experimental CIFS support and spnego upcall, it is
possible to mount CIFS shares with kerberos support.
I have compiled my kernel with support, installed the last version of Samba
(3.2.0) and configure the spnego file in /etc.
When I try to mount a W2K3 Share, it works perfectly, but when i try to
mount a share from our NAS (Netapp Filer), i have this result:

~$ mount.cifs //vzy-filertest/PartageCIFS/ ~/toto -o
sec=krb5,username=vzyinstall,password=fake
mount error 5 = Input/output error

Dmesg output:
[165731.924222] /usr/src/kernel/linux-2.6.24/fs/cifs/cifsfs.c: Devname:
//vzy-filertest/PartageCIFS/ flags: 64
[165731.924233] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: CIFS VFS: in
cifs_mount as Xid: 38 with uid: 0[165731.924245]
/usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Username: vzyinstall
[165731.924250] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: UNC:
\\vzy-filertest\PartageCIFS ip: 10.142.65.133[165731.924261]
/usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Socket created
[165731.924883] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: sndbuf 16384
rcvbuf 87380 rcvtimeo 0x7fffffff[165731.925250]
/usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Demultiplex PID: 10129
[165731.925386] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Existing smb
sess not found
[165731.925396] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: secFlags 0x8
[165731.925400] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: Kerberos
only mechanism, enable extended security[165731.925406]
/usr/src/kernel/linux-2.6.24/fs/cifs/transport.c: For smb_command 114
[165731.925410] /usr/src/kernel/linux-2.6.24/fs/cifs/transport.c: Sending
smb of length 69
[165731.933580] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: rfc1002
length 0xa8
[165731.933599] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: Dialect: 2
[165731.933604] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: negprot rc
-5
[165732.062832] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: No session
or bad tcon
[165732.062841] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: CIFS VFS:
leaving cifs_mount (xid = 38) rc = -5

Another thing is when i try to connect on this share from a XP box, it works
perfectly with Kerberos (i see the KRBREQ/KRBREP and NEGOTIATE transactions
in wireshark)

I use a 2.6.24-19-generic (under i386 platform) kernel with
CONFIG_CIFS_UPCALL, CONFIG_CIFS_EXPERIMENTAL CONFIG_CIFS_STATS and
CONFIG_CIFS_WEAK_PW_HASH activated.
Cifs Module version is 1.52 and Samba version is 3.2.0

Anyone has already try to do that ?
Another question, what must need to appear in the SMB packet for get
kerberos working with the module ?
Thanks,
Sebastien CANCHON.
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the linux-cifs-client mailing list