[Samba] mount cifs with sec=krb5
lists
lists at merit.unu.edu
Mon Jan 7 16:34:03 UTC 2019
Hi,
I am trying to mount fileserver (samba, 10.20.30.16) shares on a linux
domain member server, where I logged on via ssh using AD my credentials.
I am unable to get past the "mount error(126): Required key not
available" error message. I have read and googled a lot, and could use
some help.
See this:
> domainuser at memberserver-45:~$ sudo tail -f /var/log/debug &
> [1] 2178
> domainuser at memberserver-45:~$ id -u
> 2028
> domainuser at memberserver-45:~$ id -g
> 513
> domainuser at memberserver-45:~$ klist
> Ticket cache: FILE:/tmp/krb5cc_2028
> Default principal: domainuser at SAMBA.COMPANY.COM
>
> Valid starting Expires Service principal
> 01/07/2019 17:01:12 01/08/2019 03:01:12 krbtgt/SAMBA.COMPANY.COM at SAMBA.COMPANY.COM
> renew until 01/14/2019 17:01:12
> 01/07/2019 17:01:12 01/08/2019 03:01:12 MEMBERSERVER-45$@SAMBA.COMPANY.COM
> domainuser at memberserver-45:~$ sudo mount -t cifs //sambaserver/domainuser /mnt -osec=krb5,cruid=2028,uid=2028,gid=513
>
> Jan 7 17:11:36 memberserver-45 cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=sambaserver;ip4=10.20.30.16;sec=krb5;uid=0x3f6;creduid=0x3f6;user=root;pid=0x872
> Jan 7 17:11:36 memberserver-45 cifs.upcall: ver=2
> Jan 7 17:11:36 memberserver-45 cifs.upcall: host=sambaserver
> Jan 7 17:11:36 memberserver-45 cifs.upcall: ip=10.20.30.16
> Jan 7 17:11:36 memberserver-45 cifs.upcall: sec=1
> Jan 7 17:11:36 memberserver-45 cifs.upcall: uid=2028
> Jan 7 17:11:36 memberserver-45 cifs.upcall: creduid=2028
> Jan 7 17:11:36 memberserver-45 cifs.upcall: user=root
> Jan 7 17:11:36 memberserver-45 cifs.upcall: pid=2162
> Jan 7 17:11:36 memberserver-45 cifs.upcall: get_cachename_from_process_env: pathname=/proc/2162/environ
> Jan 7 17:11:36 memberserver-45 cifs.upcall: get_cachename_from_process_env: cachename = FILE:/tmp/krb5cc_2028
> Jan 7 17:11:36 memberserver-45 cifs.upcall: get_existing_cc: default ccache is FILE:/tmp/krb5cc_2028
> Jan 7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: getting service ticket for sambaserver
> Jan 7 17:11:36 memberserver-45 cifs.upcall: cifs_krb5_get_req: unable to get credentials for sambaserver
> Jan 7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
> Jan 7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: getting service ticket for sambaserver.company.com
> Jan 7 17:11:36 memberserver-45 cifs.upcall: cifs_krb5_get_req: unable to get credentials for sambaserver.company.com
> mount error(126): Required key not available
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
> Jan 7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
> Jan 7 17:11:36 memberserver-45 cifs.upcall: Unable to obtain service ticket
> Jan 7 17:11:36 memberserver-45 cifs.upcall: Exit status -1765328377
> domainuser at memberserver-45:~$
This is on debian 9.6, and /etc/krb5.conf is as recommended on the samba
wiki.
Suggestions would be very much appreciated. :-)
Best regards,
MJ
More information about the samba
mailing list