[linux-cifs-client] SOLVED: Re: Can not mount AD share with Kerberos ticket: mount error 126 = Required key not available
Robert Euhus
euhus-liste1 at rrzn.uni-hannover.de
Mon Sep 14 02:50:47 MDT 2009
Jeff Layton schrieb:
> On Fri, 11 Sep 2009 14:49:04 +0200
> Robert Euhus <euhus-liste1 at rrzn.uni-hannover.de> wrote:
> Hello,
>>
>> [..]
>
> ...nope, according to the above info, cifs.upcall is going to attempt
> to get a service principal of:
>
> host/dc1.workgroup.site.de at WORKGROUP.INTERN
>
> ...before connecting to the server. That's failing for some reason. In
> general with krb5 you'll want to use the canonical hostname of the
> server when mounting as that's the name most likely to be used in
> service principals.
This brought me on the right track: doing a klist on a Windows client showed
me that the KDC only has a service principal for
host/dc1.workgroup.intern at WORKGROUP.INTERN
not for
host/dc1.workgroup.site.de at WORKGROUP.INTERN
which doesn't look right to me. But using
/sbin/mount.cifs //dc1.workgroup.intern/homes .workgroup/homes/ -o sec=krb5i,guest
works now.
Thank you very much!
Cheers,
Robert.
More information about the linux-cifs-client
mailing list