[linux-cifs-client] Question on current state of sec=krb5* integration in cifs.ko

Holger Rauch holger.rauch at empic.de
Fri Oct 23 07:54:29 MDT 2009


Hi Jeff,

first of all, thanks for your quick reply.

On Fri, 23 Oct 2009, Jeff Layton wrote:

> On Fri, 23 Oct 2009 13:12:14 +0200
> Holger Rauch <holger.rauch at empic.de> wrote:
> > [...] 
> > I just tried that. Mount options in /etc/fstab are
> > 
> > noauto,sec=krb5i,iocharset=iso8859-15
> > 
> > When I issue the mount cmd, it asks me for a password.
> 
> That probably means that you have a fairly old mount.cifs program. The
> more recent ones don't prompt for a password when sec=krb5* is
> specified. Try adding the "guest" option which will disable password
> prompting.

Ok, I tried that (debugging output included as well; interestingly
enough, "mount.cifs -V" only outputs the help message, even if
mount.cifs is called with an absolute path). This happenend on a
Debian Lenny system having the shipped kernel version (uname -r):

2.6.26-2-686-bigmem

Since "mount.cifs -V" didn't come up with version info, I used
"apt-cache show smbfs" ("smbfs" is the Debian package mount.cifs is
contained in). It has the same version as the other Samba packages
shipped with Debian: 3.2.5

==============

pia:~# mount -t cifs //server/myuser
/cifs/user --verbose -o
sec=krb5i,user=myuser,guest,iocharset=iso8859-15
parsing options: rw,sec=krb5i,user=myuser,guest,iocharset=iso8859-15

mount.cifs kernel mount options
unc=//server\myuser,ip=ww.xx.yy.zz,ver=1,rw,sec=krb5i,user=myuser,guest,iocharset=iso8859-15

mount error 95 = Operation not supported
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
pia:~# dmesg
[8046556.840192]  fs/cifs/cifsfs.c: Devname:
//prag-old.er.heitec.net/hrauch flags: 64 
[8046556.847954]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid:
15 with uid: 0
[8046556.895920]  fs/cifs/connect.c: iocharset set to iso8859-15
[8046556.903932]  fs/cifs/connect.c: Username: myuser
[8046556.911928]  fs/cifs/connect.c: UNC:
\\server\myuser ip: ww.xx.yy.zz
[8046556.916743]  fs/cifs/connect.c: Socket created
[8046556.924050]  fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380
rcvtimeo 0x7fffffff
[8046556.935312]  fs/cifs/connect.c: Existing smb sess not found
[8046556.935312]  fs/cifs/connect.c: Demultiplex PID: 6171
[8046556.946262]  fs/cifs/cifssmb.c: secFlags 0x1009
[8046556.950328]  fs/cifs/cifssmb.c: Kerberos only mechanism, enable
extended security
[8046556.957962]  fs/cifs/transport.c: For smb_command 114
[8046556.962692]  fs/cifs/transport.c: Sending smb of length 78
[8046556.968883]  fs/cifs/connect.c: rfc1002 length 0xbe
[8046556.974665]  fs/cifs/cifssmb.c: Dialect: 2
[8046556.978940]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348
0x1bb92
[8046556.989230]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[8046556.991772]  fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[8046556.998296]  fs/cifs/asn1.c: Need to call asn1_octets_decode()
function for cifs/server at MYREALM
[8046557.008389]  fs/cifs/cifssmb.c: Must sign - secFlags 0x1009
[8046557.015170]  CIFS VFS: signing required but server lacks support
[8046557.022305]  fs/cifs/cifssmb.c: negprot rc -95
[8046557.136096]  fs/cifs/connect.c: No session or bad tcon
[8046557.213439]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
= 15) rc = -95
[8046557.221012]  CIFS VFS: cifs_mount failed w/return code = -95

==============

Do I need a more recent kernel? If so, which one would you recommend?

Thanks in advance for any hints & kind regards,

       Holger
       
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/linux-cifs-client/attachments/20091023/d89d52a1/attachment-0001.pgp>


More information about the linux-cifs-client mailing list