[linux-cifs-client] Problems mounting CIFS resources with Kerberos

Q (Igor Mammedov) niallain at gmail.com
Fri Jul 11 15:28:19 GMT 2008


First of all you need a working Kerberos client on this machine with
valid credentials in the cache for the vzyinstall user (kinit and klist
executed under this account will help you get them and verify).

Then you must have the cifs.spnego helper with a properly configured
/etc/request-key.conf.
And try to use sec=krb5i instead of just krb5.

If that does not help, then as Jeff said a network dump would be helpful.

PS:
Also check if the SUID bit is set on the mount.cifs helper; that may be
necessary if you are trying to do it not as root.

On Fri, Jul 11, 2008 at 4:34 PM, Sébastien Canchon <scanchon at gmail.com> wrote:
> Hello,
>
> I have some Linux boxes, which are added to an AD domain by Samba.
> Recently, with the Experimental CIFS support and spnego upcall, it is
> possible to mount CIFS shares with Kerberos support.
> I have compiled my kernel with support, installed the latest version of Samba
> (3.2.0) and configured the spnego file in /etc.
> When I try to mount a W2K3 share, it works perfectly, but when I try to
> mount a share from our NAS (Netapp Filer), I have this result:
>
> ~$ mount.cifs //vzy-filertest/PartageCIFS/ ~/toto -o sec=krb5,username=vzyinstall,password=fake
> mount error 5 = Input/output error
>
> Dmesg output:
> [165731.924222] /usr/src/kernel/linux-2.6.24/fs/cifs/cifsfs.c: Devname: //vzy-filertest/PartageCIFS/ flags: 64
> [165731.924233] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 38 with uid: 0
> [165731.924245] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Username: vzyinstall
> [165731.924250] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: UNC: \\vzy-filertest\PartageCIFS ip: 10.142.65.133
> [165731.924261] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Socket created
> [165731.924883] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x7fffffff
> [165731.925250] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Demultiplex PID: 10129
> [165731.925386] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: Existing smb sess not found
> [165731.925396] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: secFlags 0x8
> [165731.925400] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: Kerberos only mechanism, enable extended security
> [165731.925406] /usr/src/kernel/linux-2.6.24/fs/cifs/transport.c: For smb_command 114
> [165731.925410] /usr/src/kernel/linux-2.6.24/fs/cifs/transport.c: Sending smb of length 69
> [165731.933580] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: rfc1002 length 0xa8
> [165731.933599] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: Dialect: 2
> [165731.933604] /usr/src/kernel/linux-2.6.24/fs/cifs/cifssmb.c: negprot rc -5
> [165732.062832] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: No session or bad tcon
> [165732.062841] /usr/src/kernel/linux-2.6.24/fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 38) rc = -5
>
> Another thing is that when I try to connect to this share from an XP box, it works
> perfectly with Kerberos (I see the KRBREQ/KRBREP and NEGOTIATE transactions
> in Wireshark).
>
> I use a 2.6.24-19-generic (under i386 platform) kernel with
> CONFIG_CIFS_UPCALL, CONFIG_CIFS_EXPERIMENTAL, CONFIG_CIFS_STATS and
> CONFIG_CIFS_WEAK_PW_HASH activated.
> Cifs Module version is 1.52 and Samba version is 3.2.0.
>
> Has anyone already tried to do that?
> Another question: what needs to appear in the SMB packet to get
> Kerberos working with the module?
> Thanks,
> Sebastien CANCHON.

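The three prerequisites named in the reply (a valid ticket in the cache, a cifs.spnego rule in request-key.conf, the SUID bit on mount.cifs) can be checked before the mount is attempted. The script below is an added example, not part of the original thread; the function names and the default helper path /sbin/mount.cifs are assumptions, and `klist -s` is the silent status check of MIT Kerberos.

```shell
#!/bin/sh
# Pre-flight checks for a sec=krb5/krb5i CIFS mount (added example).

# 1. Valid Kerberos credentials in the cache of the user doing the mount.
#    `klist -s` prints nothing and only sets the exit status.
has_valid_tgt() {
    klist -s 2>/dev/null
}

# 2. An uncommented request-key rule for the cifs.spnego key type.
#    $1 = path to request-key.conf
has_spnego_rule() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*create[[:space:]]+cifs\.spnego[[:space:]]' "$1"
}

# 3. SUID bit on the mount helper (only matters for non-root mounts).
#    $1 = path to mount.cifs
is_setuid() {
    [ -u "$1" ]
}

# Run all three checks and report each failure; returns 0 only if all pass.
# $1 = request-key.conf path, $2 = mount.cifs path (assumed defaults below).
preflight() {
    conf=${1:-/etc/request-key.conf}
    helper=${2:-/sbin/mount.cifs}
    rc=0
    has_valid_tgt || {
        echo "no valid ticket in cache: run kinit, then klist"; rc=1; }
    has_spnego_rule "$conf" || {
        echo "no active cifs.spnego rule in $conf"; rc=1; }
    if [ "$(id -u)" -ne 0 ] && ! is_setuid "$helper"; then
        echo "$helper is not SUID; a non-root mount may fail"; rc=1
    fi
    return $rc
}
```

Source the file as the account that will perform the mount and call `preflight`, since the ticket cache is per user.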
