[Samba] mount.cifs and sec=krb5

Ben Vaughan benvon at iastate.edu
Fri May 4 20:17:51 GMT 2007


Hello fellow Samba folks,

I am attempting to mount a cifs share on a RHEL 5 box using  
mount.cifs.  The server is another RHEL 5 box.  Both boxes are joined  
to the same Kerberos realm (AD).

I kinit to get my Kerberos tickets.

This is the mount command I'm using:

mount.cifs  //rhel5.server.iastate.edu/benvon ./mnt -o  
user=benvon,sec=krb5

This results in a password prompt, then a permission denied message  
(even if the password was correct).

The interesting thing to see is the log on the server (log level 10  
excerpt):

[2007/05/04 15:10:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1010)
   sesssetupX:name=[]\[湥潶n䰀湩硵瘠牥楳湯㈠㘮 
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x]@ 
[129.186.196.8]
[2007/05/04 15:10:30, 6] param/loadparm.c:lp_file_list_changed(3001)
   lp_file_list_changed()
   file /etc/samba/smb.conf -> /etc/samba/smb.conf  last mod_time:  
Fri May  4 10:59:44 2007

[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info_map(161)
   make_user_info_map: Mapping user []\[湥潶n䰀湩硵瘠牥楳湯 
㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x] from  
workstation [129.186.196.8]
[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(75)
   attempting to make a user_info for 湥潶n䰀湩硵瘠牥楳湯㈠ 
㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x (湥潶n 
䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥 
⁴潦⁲楌畮x)
[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(85)
   making strings for 湥潶n䰀湩硵瘠牥楳湯㈠㘮 
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x's user_info  
struct
[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(117)
   making blobs for 湥潶n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱ 
汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x's user_info struct
[2007/05/04 15:10:30, 10] auth/auth_util.c:make_user_info(135)
   made an encrypted user_info for 湥潶n䰀湩硵瘠牥楳湯㈠㘮 
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲楌畮x (湥潶n䰀 
湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴ 
潦⁲楌畮x)
[2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(221)
   check_ntlm_password:  Checking password for unmapped user []\[湥潶 
n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥 
⁴潦⁲楌畮x]@[129.186.196.8] with the new password interface
[2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(224)
   check_ntlm_password:  mapped user is: [IASTATE]\[湥潶n䰀湩硵 
瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦⁲ 
楌畮x]@[129.186.196.8]


Yah....

Anyway, when leaving off the sec=krb5 or setting sec=ntlmv2,  
everything works as expected.

smbclient -k works as expected.

Does anyone have any advice?  I can produce as much logging as may be  
needed.

If this isn't the proper place to be asking questions about  
mount.cifs, please redirect me.

Many Thanks,

Ben Vaughan, RHCE
Engineering Computing Support Services
Iowa State University
benvon at iastate.edu


More information about the samba mailing list