[Samba] mount.cifs and kerberos failure
steve at steve-ss.com
Sat Sep 28 09:11:15 MDT 2013
On Sat, 2013-09-28 at 07:28 -0700, Cheng-Yang Tan wrote:
> Hi guys,
> This seems to be a well-known problem with mount.cifs on Ubuntu 12.04.
It's not a problem. It simply means that cifs.upcall doesn't know what
key to use.
sec=krb5,user=cytan,domain=ABCDE //beamssrv1.abcd.com/cytan$ ./win
If you wish cytan to mount and access the share (not a good idea but
anyway. . .) then cytan must have an entry in the keytab. The cifs mount
is then performed as:
mount -t cifs //beamssrv1.abcd.com/cytan\$ ./win
note: username _not_ user and don't forget to escape the $.
add the principal to the keytab on the client using ktutil:
ktutil: addent -password -p cytan at ABCDE -k 1 -e arcfour-hmac
the method is described here:
It would be better not to use a regular user to mount the share but
instead create an unprivileged domain user, e.g. cifsuser whos sole
purpose is to mount the share. You can then mount it using the multiuser
option if other users are required to use it.
More information about the samba