[Samba] pam_mount in 'newer samba'...

L.P.H. van Belle belle at bazuin.nl
Mon Sep 7 07:26:57 UTC 2020 

Hai Marco, 

Is the UPN set for this server.  CIFS/hostnam.fqdn ? 
Does its A and PTR match with the "real" hostname? 

But i see : smb2_get_dfs_refer rc 
Not commenting on this expect... upgrade the servers.. ;-) 

Try : 
apt install keyutils   this might be missing and is needed for CIFS kerberos mounts

mount -t cifs -o user=USER,domain=DOMAIN,cruid=USER,sec=krb5,vers=3.0 //hostname.FQDN/share /mnt/tmp
mount -t cifs -o user=USER,domain=DOMAIN,cruid=USER,sec=krb5,vers=2.1 //hostname.FQDN/share /mnt/tmp

mount.cifs -o rw,user=user,pass=mypass,iocharset=utf8,sec=ntlm,vers=1.0 //hostname.FQDN /mnt/tmp 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Marco Gaiarin via samba
> Verzonden: zondag 6 september 2020 22:23
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] pam_mount in 'newer samba'...
> 
> 
> Sorry for a rather 'unifornative' subject, but i've little o 
> no clue on
> this.
> 
> 
> I'm using at work 'pam_mount' with a rather standard configuration
> to mount via CIFS/SMB user's home directory, from a samba AD member
> server.
> This configuration is a bit 'old' (mint sonya, AKA Ubuntu 16.04 as a
> client, so samba 4.3; debian and samba 4.8 as a server), but work
> perfectly, probably i suppose because i'm still using SMB1.
> 
> 
> Now i'm trying to redo the same thing, but in a rather 'modern' setup:
> samba 4.10 or .11 as a server, ubuntu focal so samba 4.11 as a client.
> But i'm not able to make it work. Client side i catch in log:
> 
>  Sep  5 12:38:10 pc1labinf17 kernel: [  321.951616] FS-Cache: Loaded
>  Sep  5 12:38:11 pc1labinf17 kernel: [  321.968846] FS-Cache: 
> Netfs 'cifs' registered for caching
>  Sep  5 12:38:11 pc1labinf17 kernel: [  321.968963] Key type 
> cifs.spnego registered
>  Sep  5 12:38:11 pc1labinf17 kernel: [  321.968966] Key type 
> cifs.idmap registered
>  Sep  5 12:38:11 pc1labinf17 kernel: [  321.971289] CIFS: 
> Attempting to mount 
> //fileserver.ad.domain.test/Users/studente3.diprova
>  Sep  5 12:38:11 pc1labinf17 kernel: [  321.971312] No 
> dialect specified on mount. Default has changed to a more 
> secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS 
> (SMB1). To use the less secure SMB1 dialect to access old 
> servers which do not support SMB3 (or SMB2.1) specify 
> vers=1.0 on mount.
>  Sep  5 12:38:11 pc1labinf17 kernel: [  322.015963] CIFS VFS: 
>  BAD_NETWORK_NAME: \\fileserver.ad.domain.test\Users
>  Sep  5 12:38:11 pc1labinf17 kernel: [  322.016188] CIFS VFS: 
> \\fileserver.ad.domain.test\IPC$ ioctl error in 
> smb2_get_dfs_refer rc=-22
>  Sep  5 12:38:11 pc1labinf17 kernel: [  322.016522] CIFS VFS: 
> cifs_mount failed w/return code = -2
> 
> clearly i've tried some vers= and sec= combination, with no clue.
> 
> 
> If i use pam_mkhome (eg, i create the home instead of mountin it)
> clearly i can login (so PAM, NSS/Winbind and kerberos are setup
> correctly), and via nautilus i can mount the share, the system
> does not ask the passord (so i suppose they use kerberos).
> 
> 
> Some hint on how to debug this? Thanks.
> 
> -- 
> dott. Marco Gaiarin				        GNUPG 
> Key ID: 240A3D66
>   Associazione ``La Nostra Famiglia''          
> http://www.lanostrafamiglia.it/
>   Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al 
> Tagliamento (PN)
>   marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   
> f +39-0434-842797
> 
> 		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>       http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
> 	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list