[linux-cifs-client] CIFS mount and smbclient with krb5 not work with dfs namespace

Igor Mammedov niallain at gmail.com
Mon Jun 15 12:34:14 GMT 2009 

Hi Brice,

Most likely DFS root server returns in DFS referral a hostname that is not
registered as principal in kerberos, hence a error you see. You could use
ntlmv2 for this case or fix referral links in DFS tree to correct hostnames
(i.e. registered in kerberos db).

Here is the thread where this case was discussed:
 "Re: [PATCH] Add support for using server supplied principal (mic option)"

brice.rouanet at iut-tlse3.fr wrote:
> Hi,
> 
> I use pam mount to mount CIFS share from windows 2008 server with sec=krb5.
> 
> If I use the DFS namespace it not work :
> 
> [62131.983048]  CIFS VFS: Send error in SessSetup = -126
> [62131.983286]  CIFS VFS: cifs_mount failed w/return code = -126
> 
> but with the serveur name it works; and with smbclient, I got with name
> space :
> 
> r-gcgp-111-a12:~# smbclient -k  //iut.iut-tlse3.fr/partage
> ads_krb5_mk_req: krb5_get_credentials failed for iut$@IUT.IUT-TLSE3.FR
> (Server not found in Kerberos database)
> cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not
> found in Kerberos database
> session setup failed: SUCCESS - 0
> 
> with server name :
> 
> r-gcgp-111-a12:~# smbclient -k  //p-cri-dc01.iut.iut-tlse3.fr/partage
> OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack 1]
> Server=[Windows Server (R) 2008 Enterprise 6.0]
> smb: \>
> 
> 
> Here my pam_mount config wich work :
> 
> <volume user="*" fstype="cifs" server="p-cri-dc01.iut.iut-tlse3.fr"
> path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)"
> options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid"
> />
> 
> and wich not work :
> 
> <volume user="*" fstype="cifs" server="iut.iut-tlse3.fr"
> path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)"
> options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid"
> />
> 
> If I mount the share using nmespace without sec=krb5 it works,
> any idea ?
> 
> Regards,
> Brice.
> 
> ****************************************
>               Brice Rouanet
>          Technicien informatique
>         Département Genie Chimique
>     Centre de Ressources Informatiques
> ****************************************
>           Tel : 05.62.25.89.19
> ****************************************
>        CRI - IUT "A" PAUL SABATIER
>          137, avenue de Rangueil
>                  BP67701
>          31077 TOULOUSE CEDEX 04
> ****************************************
> 
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
> 
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux-cifs-client

-- 

Best regards,

-------------------------
Igor Mammedov,
niallain "at" gmail.com

More information about the linux-cifs-client mailing list