[Samba] mount.cifs and kerberos failure

steve steve at steve-ss.com
Sat Sep 28 09:11:15 MDT 2013

On Sat, 2013-09-28 at 07:28 -0700, Cheng-Yang Tan wrote:
> Hi guys,
> This seems to be a well-known problem with mount.cifs on Ubuntu 12.04. 

It's not a problem. It simply means that cifs.upcall doesn't know what
key to use.

mount.cifs -o
sec=krb5,user=cytan,domain=ABCDE //beamssrv1.abcd.com/cytan$ ./win

If you wish cytan to mount and access the share (not a good idea but
anyway. . .) then cytan must have an entry in the keytab. The cifs mount
is then performed as:

mount -t cifs //beamssrv1.abcd.com/cytan\$ ./win

note: username _not_ user and don't forget to escape the $.

add the principal to the keytab on the client using ktutil:

 ktutil:  addent -password -p cytan at ABCDE -k 1 -e arcfour-hmac

the method is described here:

It would be better not to use a regular user to mount the share but
instead create an unprivileged domain user, e.g. cifsuser whos sole
purpose is to mount the share. You can then mount it using the multiuser
option if other users are required to use it.


More information about the samba mailing list