[linux-cifs-client] Netapp and krb5

Shirish Pargaonkar shirishpargaonkar at gmail.com
Wed Aug 26 04:13:47 MDT 2009 

On Wed, Aug 26, 2009 at 5:07 AM, Jeff Layton<jlayton at redhat.com> wrote:
> On Wed, 26 Aug 2009 11:00:06 +0200
> Thomas Sondag <thomas.sondag at gmail.com> wrote:
>
>> Hi all,
>>
>> I resend this message to the list, the previous one is probably stuck
>> in the moderation queue with thousands of spams ...
>>
>> I'm trying to mount a cifs share from a netapp 7.0.1.1 share to a
>> linux box running Ubuntu 9.04 with sec=krb5 and a windows 2000 AD.
>> But that's failing :
>>
>> [ 6924.132239]  /build/buildd/linux-2.6.28/fs/cifs/cifssmb.c: Dialect: 2
>> [ 6924.132246]  /build/buildd/linux-2.6.28/fs/cifs/cifssmb.c: negprot rc -5
>> [ 6924.132255]  /build/buildd/linux-2.6.28/fs/cifs/connect.c: CIFS
>> VFS: leaving cifs_mount (xid = 3402) rc = -5
>> [ 6924.132260]  CIFS VFS: cifs_mount failed w/return code = -5
>>
>
> The Negotiate Protocol request failed. That's generally the first call
> that goes out on the wire on a new mount.
>
> -5 is -EIO, which is sort of a generic error. There were some alignment
> fixes that went into this codepath a few months ago (after 2.6.28). You
> may want to try a newer kernel.
>
> If that doesn't help, you can send me a capture and I'll take a look.
>
>> With the same setup I managed to mount a Win2003 and samba 3 shares
>> with kerberos.
>> Using smbclient -k or gvfs2 smb:// is ok with the Netapp share.
>> I'm not root, mount.cifs have a correct suid.
>> The /etc/request-key.conf is ok (and it's working with win2003 and samba 3)
>> The machine account in the AD is the same as the reverse dns name.
>> It's working fine with NTLM authentication.
>>
>> I'm running out of option, I could provide a network trace if you give
>> me a private user email (I won't post that on the list).
>>
>> Please help,
>>  Thomas Sondag
>
>
>
>
> --
> Jeff Layton <jlayton at redhat.com>
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux-cifs-client
>

If negotiate protocol request itself is failing, wonder how the same
request succeeds with NTLM authentication!

More information about the linux-cifs-client mailing list