[linux-cifs-client] Question on current state of sec=krb5* integration in cifs.ko
Holger Rauch
holger.rauch at empic.de
Fri Oct 23 07:54:29 MDT 2009
Hi Jeff,
first of all, thanks for your quick reply.
On Fri, 23 Oct 2009, Jeff Layton wrote:
> On Fri, 23 Oct 2009 13:12:14 +0200
> Holger Rauch <holger.rauch at empic.de> wrote:
> > [...]
> > I just tried that. Mount options in /etc/fstab are
> >
> > noauto,sec=krb5i,iocharset=iso8859-15
> >
> > When I issue the mount cmd, it asks me for a password.
>
> That probably means that you have a fairly old mount.cifs program. The
> more recent ones don't prompt for a password when sec=krb5* is
> specified. Try adding the "guest" option which will disable password
> prompting.
Ok, I tried that (debugging output included as well; interestingly
enough, "mount.cifs -V" only outputs the help message, even if
mount.cifs is called with an absolute path). This happenend on a
Debian Lenny system having the shipped kernel version (uname -r):
2.6.26-2-686-bigmem
Since "mount.cifs -V" didn't come up with version info, I used
"apt-cache show smbfs" ("smbfs" is the Debian package mount.cifs is
contained in). It has the same version as the other Samba packages
shipped with Debian: 3.2.5
==============
pia:~# mount -t cifs //server/myuser
/cifs/user --verbose -o
sec=krb5i,user=myuser,guest,iocharset=iso8859-15
parsing options: rw,sec=krb5i,user=myuser,guest,iocharset=iso8859-15
mount.cifs kernel mount options
unc=//server\myuser,ip=ww.xx.yy.zz,ver=1,rw,sec=krb5i,user=myuser,guest,iocharset=iso8859-15
mount error 95 = Operation not supported
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
pia:~# dmesg
[8046556.840192] fs/cifs/cifsfs.c: Devname:
//prag-old.er.heitec.net/hrauch flags: 64
[8046556.847954] fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid:
15 with uid: 0
[8046556.895920] fs/cifs/connect.c: iocharset set to iso8859-15
[8046556.903932] fs/cifs/connect.c: Username: myuser
[8046556.911928] fs/cifs/connect.c: UNC:
\\server\myuser ip: ww.xx.yy.zz
[8046556.916743] fs/cifs/connect.c: Socket created
[8046556.924050] fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380
rcvtimeo 0x7fffffff
[8046556.935312] fs/cifs/connect.c: Existing smb sess not found
[8046556.935312] fs/cifs/connect.c: Demultiplex PID: 6171
[8046556.946262] fs/cifs/cifssmb.c: secFlags 0x1009
[8046556.950328] fs/cifs/cifssmb.c: Kerberos only mechanism, enable
extended security
[8046556.957962] fs/cifs/transport.c: For smb_command 114
[8046556.962692] fs/cifs/transport.c: Sending smb of length 78
[8046556.968883] fs/cifs/connect.c: rfc1002 length 0xbe
[8046556.974665] fs/cifs/cifssmb.c: Dialect: 2
[8046556.978940] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348
0x1bb92
[8046556.989230] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[8046556.991772] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[8046556.998296] fs/cifs/asn1.c: Need to call asn1_octets_decode()
function for cifs/server at MYREALM
[8046557.008389] fs/cifs/cifssmb.c: Must sign - secFlags 0x1009
[8046557.015170] CIFS VFS: signing required but server lacks support
[8046557.022305] fs/cifs/cifssmb.c: negprot rc -95
[8046557.136096] fs/cifs/connect.c: No session or bad tcon
[8046557.213439] fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
= 15) rc = -95
[8046557.221012] CIFS VFS: cifs_mount failed w/return code = -95
==============
Do I need a more recent kernel? If so, which one would you recommend?
Thanks in advance for any hints & kind regards,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/linux-cifs-client/attachments/20091023/d89d52a1/attachment-0001.pgp>
More information about the linux-cifs-client
mailing list