[linux-cifs-client] Question on current state of sec=krb5* integration in cifs.ko
Robert Euhus
euhus-liste1 at rrzn.uni-hannover.de
Fri Oct 23 02:00:46 MDT 2009
Hi,
Holger Rauch wrote:
> Hi to everybody,
>
> I came accross this link
>
> http://fixunix.com/samba/140566-samba-mount-cifs-sec-krb5.html
>
> while trying to use sec=krb5 or sec=krb5i in conjunction with
> mount.cifs. On a Debian Lenny system (includes version 1.53 of
> cifs.ko), this doesn't seem to work. This thread is quite old
> (10/2007) and I'm wondering whether what's been said in there is still
> valid.
>
> "smbclient -L ... -k" or "smbclient ... -k" calls work without any
> problems (provided that I run "kinit" in advance). In the interactive
> smb shell, I can use e.g. mkdir and rmdir without any problem. So, my
> Kerberos setup is working.
>
> Installed kernel image on Debian Lenny is ("uname -r" output):
>
> 2.6.26-2-686-bigmem
>
> What's the current status regarding sec=krb5 and sec=krb5i mount
> options?
>
It works here on Lenny, although you might have to install the keyutils
Package and add the following lines to /etc/request-key.conf :
create cifs.spnego * * /usr/sbin/cifs.upcall %k %d
create dns_resolver * * /usr/sbin/cifs.upcall %k
You might also want to have a look at a small (and not quite finished
yet) German HOWTO I wrote:
http://www.rrzn.uni-hannover.de/anl-linclient-ads.html
> Thanks in advance for any info!
>
> Kind regards,
>
> Holger
> --
> =========================================
> Holger Rauch
> Entwicklung Anwendungs-Software
> Systemadministration UNIX
>
> Tel.: +49 / 9131 / 877 - 141
> Fax: +49 / 9131 / 877 - 266
> Email: Holger.Rauch at empic.de
> =========================================
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux-cifs-client
Yours,
Robert
More information about the linux-cifs-client
mailing list