[Samba] mount.cifs and sec=krb5
Ben Vaughan
benvon at iastate.edu
Fri May 4 20:17:51 GMT 2007
Hello fellow Samba folks,
I am attempting to mount a cifs share on a RHEL 5 box using
mount.cifs. The server is another RHEL 5 box. Both boxes are joined
to the same Kerberos realm (AD).
I kinit to get my Kerberos tickets.
This is the mount command I'm using:
mount.cifs //rhel5.server.iastate.edu/benvon ./mnt -o
user=benvon,sec=krb5
This results in a password prompt, then a permission denied message
(even if the password was correct).
The interesting thing to see is the log on the server (log level 10
excerpt):
[2007/05/04 15:10:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1010)
sesssetupX:name=[]\[湥潶n䰀湩硵瘠牥楳湯㈠㘮
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x]@
[129.186.196.8]
[2007/05/04 15:10:30, 6] param/loadparm.c:lp_file_list_changed(3001)
lp_file_list_changed()
file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time:
Fri May 4 10:59:44 2007
[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info_map(161)
make_user_info_map: Mapping user []\[湥潶n䰀湩硵瘠牥楳湯
㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x] from
workstation [129.186.196.8]
[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(75)
attempting to make a user_info for 湥潶n䰀湩硵瘠牥楳湯㈠
㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x (湥潶n
䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥
⁴潦楌畮x)
[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(85)
making strings for 湥潶n䰀湩硵瘠牥楳湯㈠㘮
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x's user_info
struct
[2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(117)
making blobs for 湥潶n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱
汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x's user_info struct
[2007/05/04 15:10:30, 10] auth/auth_util.c:make_user_info(135)
made an encrypted user_info for 湥潶n䰀湩硵瘠牥楳湯㈠㘮
ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x (湥潶n䰀
湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴
潦楌畮x)
[2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(221)
check_ntlm_password: Checking password for unmapped user []\[湥潶
n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥
⁴潦楌畮x]@[129.186.196.8] with the new password interface
[2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(224)
check_ntlm_password: mapped user is: [IASTATE]\[湥潶n䰀湩硵
瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦
楌畮x]@[129.186.196.8]
Yah....
Anyway, when leaving off the sec=krb5 or setting sec=ntlmv2,
everything works as expected.
smbclient -k works as expected.
Does anyone have any advice? I can produce as much logging as may be
needed.
If this isn't the proper place to be asking questions about
mount.cifs, please redirect me.
Many Thanks,
Ben Vaughan, RHCE
Engineering Computing Support Services
Iowa State University
benvon at iastate.edu
More information about the samba
mailing list