[Samba] Pam_mount not working with "sec=krb5"

Ole Traupe ole.traupe at tu-berlin.de
Mon Nov 2 11:54:58 UTC 2015

Hi all, this is not really a Samba question, but related, and I hope 
that some of you are using this and can tell me what I am doing wrong.

On a member server, I can mount my shares by hand specifying "-o 
username=xxx,domain=yyy,password=zzz". But as soon as I put "sec=krb5" 
in the mount options (and leaving out the password part), I get this error:

# mount error(126): Required key not available

I did an extensive web search and saw that many people have problems 
here. But I found no definite solution. I tried to specify 
'cruid=%(USERID)' in the case of pam_mount, or 'cruid=12345' in the 
manual case (12345 being the literal uid of the user). I also tried 
getting rid of the strange file ending of the krb5 key cache, because in 
my case it is e.g. "krb5cc_12345_Zb1yLU". And I tried chowning the file 
to root:root instead of user:domain users. Nothing worked.

The krb5 key cache files are created in /tmp on user logon. Is this the 
correct lookup directory, in the first place?

Kerberos as such is working correctly. Domain logons work, kinit as 
well. This is on CentOS 6.7. Pam_mount was installed via the Nux Desktop 


More information about the samba mailing list