[linux-cifs-client] Question on current state of sec=krb5* integration in cifs.ko
Jeff Layton
jlayton at redhat.com
Fri Oct 23 08:19:42 MDT 2009
On Fri, 23 Oct 2009 15:54:29 +0200
Holger Rauch <holger.rauch at empic.de> wrote:
> Hi Jeff,
>
> first of all, thanks for your quick reply.
>
> On Fri, 23 Oct 2009, Jeff Layton wrote:
>
> > On Fri, 23 Oct 2009 13:12:14 +0200
> > Holger Rauch <holger.rauch at empic.de> wrote:
> > > [...]
> > > I just tried that. Mount options in /etc/fstab are
> > >
> > > noauto,sec=krb5i,iocharset=iso8859-15
> > >
> > > When I issue the mount cmd, it asks me for a password.
> >
> > That probably means that you have a fairly old mount.cifs program. The
> > more recent ones don't prompt for a password when sec=krb5* is
> > specified. Try adding the "guest" option which will disable password
> > prompting.
>
> Ok, I tried that (debugging output included as well; interestingly
> enough, "mount.cifs -V" only outputs the help message, even if
> mount.cifs is called with an absolute path). This happened on a
> Debian Lenny system having the shipped kernel version (uname -r):
>
> 2.6.26-2-686-bigmem
>
> Since "mount.cifs -V" didn't come up with version info, I used
> "apt-cache show smbfs" ("smbfs" is the Debian package mount.cifs is
> contained in). It has the same version as the other Samba packages
> shipped with Debian: 3.2.5
>
> ==============
>
> pia:~# mount -t cifs //server/myuser
> /cifs/user --verbose -o
> sec=krb5i,user=myuser,guest,iocharset=iso8859-15
> parsing options: rw,sec=krb5i,user=myuser,guest,iocharset=iso8859-15
>
> mount.cifs kernel mount options
> unc=//server\myuser,ip=ww.xx.yy.zz,ver=1,rw,sec=krb5i,user=myuser,guest,iocharset=iso8859-15
>
> mount error 95 = Operation not supported
> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
> pia:~# dmesg
> [8046556.840192] fs/cifs/cifsfs.c: Devname:
> //prag-old.er.heitec.net/hrauch flags: 64
> [8046556.847954] fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid:
> 15 with uid: 0
> [8046556.895920] fs/cifs/connect.c: iocharset set to iso8859-15
> [8046556.903932] fs/cifs/connect.c: Username: myuser
> [8046556.911928] fs/cifs/connect.c: UNC:
> \\server\myuser ip: ww.xx.yy.zz
> [8046556.916743] fs/cifs/connect.c: Socket created
> [8046556.924050] fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380
> rcvtimeo 0x7fffffff
> [8046556.935312] fs/cifs/connect.c: Existing smb sess not found
> [8046556.935312] fs/cifs/connect.c: Demultiplex PID: 6171
> [8046556.946262] fs/cifs/cifssmb.c: secFlags 0x1009
> [8046556.950328] fs/cifs/cifssmb.c: Kerberos only mechanism, enable
> extended security
> [8046556.957962] fs/cifs/transport.c: For smb_command 114
> [8046556.962692] fs/cifs/transport.c: Sending smb of length 78
> [8046556.968883] fs/cifs/connect.c: rfc1002 length 0xbe
> [8046556.974665] fs/cifs/cifssmb.c: Dialect: 2
> [8046556.978940] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348
> 0x1bb92
> [8046556.989230] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
> [8046556.991772] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
> [8046556.998296] fs/cifs/asn1.c: Need to call asn1_octets_decode()
> function for cifs/server at MYREALM
> [8046557.008389] fs/cifs/cifssmb.c: Must sign - secFlags 0x1009
> [8046557.015170] CIFS VFS: signing required but server lacks support
I think this message explains the problem ^^^^
You've requested krb5i, but your server doesn't support signing. You
might want to try sec=krb5 and see if that works.
> [8046557.022305] fs/cifs/cifssmb.c: negprot rc -95
> [8046557.136096] fs/cifs/connect.c: No session or bad tcon
> [8046557.213439] fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid
> = 15) rc = -95
> [8046557.221012] CIFS VFS: cifs_mount failed w/return code = -95
>
> ==============
>
> Do I need a more recent kernel? If so, which one would you recommend?
>
> Thanks in advance for any hints & kind regards,
>
> Holger
>
--
Jeff Layton <jlayton at redhat.com>
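
The diagnosis in the reply above can be read straight off the debug log. The following is an added example, not part of the original thread and not code from the cifs project: a Python script that decodes the logged secFlags value using the CIFSSEC_* bit layout from the kernel's fs/cifs/cifsglob.h and flags the case where signing is mandatory on the client but refused by the server. The function names decode_secflags and diagnose are hypothetical, and the sample lines are copied (unwrapped) from the dmesg output quoted in the message.

```python
import re

# CIFSSEC_MAY_* bits from fs/cifs/cifsglob.h. Each CIFSSEC_MUST_* value is
# the MAY bit plus the same bit shifted left by 12 (MUST_SIGN == 0x01001).
MAY_FLAGS = {0x01: "sign", 0x02: "ntlm", 0x04: "ntlmv2", 0x08: "krb5",
             0x10: "lanman", 0x20: "plaintext", 0x40: "seal", 0x80: "ntlmssp"}
MUST_SHIFT = 12

# Sample input: lines taken from the dmesg output in the post, unwrapped.
SAMPLE = """\
[8046556.946262] fs/cifs/cifssmb.c: secFlags 0x1009
[8046557.008389] fs/cifs/cifssmb.c: Must sign - secFlags 0x1009
[8046557.015170] CIFS VFS: signing required but server lacks support
[8046557.022305] fs/cifs/cifssmb.c: negprot rc -95
[8046557.221012] CIFS VFS: cifs_mount failed w/return code = -95
"""


def decode_secflags(value):
    """Split a secFlags word into permitted (may) and mandatory (must) names."""
    may = sorted(n for bit, n in MAY_FLAGS.items() if value & bit)
    must = sorted(n for bit, n in MAY_FLAGS.items() if value & (bit << MUST_SHIFT))
    return {"may": may, "must": must}


def diagnose(dmesg_text):
    """Summarise a failed cifs mount from its debug log."""
    flags = re.search(r"secFlags (0x[0-9a-fA-F]+)", dmesg_text)
    rc = re.search(r"cifs_mount failed w/return code = (-?\d+)", dmesg_text)
    result = {"secflags": None, "may": [], "must": [],
              "rc": int(rc.group(1)) if rc else None}
    if flags:
        result["secflags"] = int(flags.group(1), 16)
        result.update(decode_secflags(result["secflags"]))
    refused = "signing required but server lacks support" in dmesg_text
    # The mount fails at negotiate only when signing is mandatory on the
    # client (sec=krb5i sets the must-sign bit) and the server refuses it.
    result["signing_mismatch"] = refused and "sign" in result["must"]
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

For the log in this thread, 0x1009 decodes to Kerberos permitted with signing mandatory, which matches the "Must sign" line and the -95 (EOPNOTSUPP) return code.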