CIFS mount and smbclient with krb5 not work with dfs namespace
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
CIFS mount and smbclient with krb5 not work with dfs namespace
by brice.rouanet
::
Rate this Message:
Hi,
I use pam mount to mount CIFS share from windows 2008 server with sec=krb5. If I use the DFS namespace it not work : [62131.983048] CIFS VFS: Send error in SessSetup = -126 [62131.983286] CIFS VFS: cifs_mount failed w/return code = -126 but with the serveur name it works; and with smbclient, I got with name space : r-gcgp-111-a12:~# smbclient -k //iut.iut-tlse3.fr/partage ads_krb5_mk_req: krb5_get_credentials failed for iut$@... (Server not found in Kerberos database) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not found in Kerberos database session setup failed: SUCCESS - 0 with server name : r-gcgp-111-a12:~# smbclient -k //p-cri-dc01.iut.iut-tlse3.fr/partage OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack 1] Server=[Windows Server (R) 2008 Enterprise 6.0] smb: \> Here my pam_mount config wich work : <volume user="*" fstype="cifs" server="p-cri-dc01.iut.iut-tlse3.fr" path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)" options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid" /> and wich not work : <volume user="*" fstype="cifs" server="iut.iut-tlse3.fr" path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)" options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid" /> If I mount the share using nmespace without sec=krb5 it works, any idea ? Regards, Brice. **************************************** Brice Rouanet Technicien informatique Département Genie Chimique Centre de Ressources Informatiques **************************************** Tel : 05.62.25.89.19 **************************************** CRI - IUT "A" PAUL SABATIER 137, avenue de Rangueil BP67701 31077 TOULOUSE CEDEX 04 **************************************** ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. _______________________________________________ linux-cifs-client mailing list linux-cifs-client@... https://lists.samba.org/mailman/listinfo/linux-cifs-client |
|
|
Re: CIFS mount and smbclient with krb5 not work with dfs namespace
by Igor Mammedov
::
Rate this Message:
Hi Brice,
Most likely DFS root server returns in DFS referral a hostname that is not registered as principal in kerberos, hence a error you see. You could use ntlmv2 for this case or fix referral links in DFS tree to correct hostnames (i.e. registered in kerberos db). Here is the thread where this case was discussed: "Re: [PATCH] Add support for using server supplied principal (mic option)" brice.rouanet@... wrote: > Hi, > > I use pam mount to mount CIFS share from windows 2008 server with sec=krb5. > > If I use the DFS namespace it not work : > > [62131.983048] CIFS VFS: Send error in SessSetup = -126 > [62131.983286] CIFS VFS: cifs_mount failed w/return code = -126 > > but with the serveur name it works; and with smbclient, I got with name > space : > > r-gcgp-111-a12:~# smbclient -k //iut.iut-tlse3.fr/partage > ads_krb5_mk_req: krb5_get_credentials failed for iut$@... > (Server not found in Kerberos database) > cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not > found in Kerberos database > session setup failed: SUCCESS - 0 > > with server name : > > r-gcgp-111-a12:~# smbclient -k //p-cri-dc01.iut.iut-tlse3.fr/partage > OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack 1] > Server=[Windows Server (R) 2008 Enterprise 6.0] > smb: \> > > > Here my pam_mount config wich work : > > <volume user="*" fstype="cifs" server="p-cri-dc01.iut.iut-tlse3.fr" > path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)" > options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid" > /> > > and wich not work : > > <volume user="*" fstype="cifs" server="iut.iut-tlse3.fr" > path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)" > options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid" > /> > > If I mount the share using nmespace without sec=krb5 it works, > any idea ? > > Regards, > Brice. > > **************************************** > Brice Rouanet > Technicien informatique > Département Genie Chimique > Centre de Ressources Informatiques > **************************************** > Tel : 05.62.25.89.19 > **************************************** > CRI - IUT "A" PAUL SABATIER > 137, avenue de Rangueil > BP67701 > 31077 TOULOUSE CEDEX 04 > **************************************** > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > > _______________________________________________ > linux-cifs-client mailing list > linux-cifs-client@... > https://lists.samba.org/mailman/listinfo/linux-cifs-client -- Best regards, ------------------------- Igor Mammedov, niallain "at" gmail.com _______________________________________________ linux-cifs-client mailing list linux-cifs-client@... https://lists.samba.org/mailman/listinfo/linux-cifs-client |
| Free embeddable forum powered by Nabble | Forum Help |
