[Samba] pam_mount in 'newer samba'...
L.P.H. van Belle
belle at bazuin.nl
Mon Sep 7 07:26:57 UTC 2020
Hai Marco,
Is the UPN set for this server. CIFS/hostnam.fqdn ?
Does its A and PTR match with the "real" hostname?
But i see : smb2_get_dfs_refer rc
Not commenting on this expect... upgrade the servers.. ;-)
Try :
apt install keyutils this might be missing and is needed for CIFS kerberos mounts
mount -t cifs -o user=USER,domain=DOMAIN,cruid=USER,sec=krb5,vers=3.0 //hostname.FQDN/share /mnt/tmp
mount -t cifs -o user=USER,domain=DOMAIN,cruid=USER,sec=krb5,vers=2.1 //hostname.FQDN/share /mnt/tmp
mount.cifs -o rw,user=user,pass=mypass,iocharset=utf8,sec=ntlm,vers=1.0 //hostname.FQDN /mnt/tmp
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: zondag 6 september 2020 22:23
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] pam_mount in 'newer samba'...
>
>
> Sorry for a rather 'unifornative' subject, but i've little o
> no clue on
> this.
>
>
> I'm using at work 'pam_mount' with a rather standard configuration
> to mount via CIFS/SMB user's home directory, from a samba AD member
> server.
> This configuration is a bit 'old' (mint sonya, AKA Ubuntu 16.04 as a
> client, so samba 4.3; debian and samba 4.8 as a server), but work
> perfectly, probably i suppose because i'm still using SMB1.
>
>
> Now i'm trying to redo the same thing, but in a rather 'modern' setup:
> samba 4.10 or .11 as a server, ubuntu focal so samba 4.11 as a client.
> But i'm not able to make it work. Client side i catch in log:
>
> Sep 5 12:38:10 pc1labinf17 kernel: [ 321.951616] FS-Cache: Loaded
> Sep 5 12:38:11 pc1labinf17 kernel: [ 321.968846] FS-Cache:
> Netfs 'cifs' registered for caching
> Sep 5 12:38:11 pc1labinf17 kernel: [ 321.968963] Key type
> cifs.spnego registered
> Sep 5 12:38:11 pc1labinf17 kernel: [ 321.968966] Key type
> cifs.idmap registered
> Sep 5 12:38:11 pc1labinf17 kernel: [ 321.971289] CIFS:
> Attempting to mount
> //fileserver.ad.domain.test/Users/studente3.diprova
> Sep 5 12:38:11 pc1labinf17 kernel: [ 321.971312] No
> dialect specified on mount. Default has changed to a more
> secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS
> (SMB1). To use the less secure SMB1 dialect to access old
> servers which do not support SMB3 (or SMB2.1) specify
> vers=1.0 on mount.
> Sep 5 12:38:11 pc1labinf17 kernel: [ 322.015963] CIFS VFS:
> BAD_NETWORK_NAME: \\fileserver.ad.domain.test\Users
> Sep 5 12:38:11 pc1labinf17 kernel: [ 322.016188] CIFS VFS:
> \\fileserver.ad.domain.test\IPC$ ioctl error in
> smb2_get_dfs_refer rc=-22
> Sep 5 12:38:11 pc1labinf17 kernel: [ 322.016522] CIFS VFS:
> cifs_mount failed w/return code = -2
>
> clearly i've tried some vers= and sec= combination, with no clue.
>
>
> If i use pam_mkhome (eg, i create the home instead of mountin it)
> clearly i can login (so PAM, NSS/Winbind and kerberos are setup
> correctly), and via nautilus i can mount the share, the system
> does not ask the passord (so i suppose they use kerberos).
>
>
> Some hint on how to debug this? Thanks.
>
> --
> dott. Marco Gaiarin GNUPG
> Key ID: 240A3D66
> Associazione ``La Nostra Famiglia''
> http://www.lanostrafamiglia.it/
> Polo FVG - Via della Bontà, 7 - 33078 - San Vito al
> Tagliamento (PN)
> marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711
> f +39-0434-842797
>
> Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
> http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list