Netapp and krb5

> Hi all,
>
> I resend this message to the list, the previous one is probably stuck
> in the moderation queue with thousands of spams ...
>
> I'm trying to mount a cifs share from a netapp 7.0.1.1 share to a
> linux box running Ubuntu 9.04 with sec=krb5 and a windows 2000 AD.
> But that's failing :
>
> [ 6924.132239]  /build/buildd/linux-2.6.28/fs/cifs/cifssmb.c: Dialect: 2
> [ 6924.132246]  /build/buildd/linux-2.6.28/fs/cifs/cifssmb.c: negprot rc -5
> [ 6924.132255]  /build/buildd/linux-2.6.28/fs/cifs/connect.c: CIFS
> VFS: leaving cifs_mount (xid = 3402) rc = -5
> [ 6924.132260]  CIFS VFS: cifs_mount failed w/return code = -5
>

> With the same setup I managed to mount a Win2003 and samba 3 shares
> with kerberos.
> Using smbclient -k or gvfs2 smb:// is ok with the Netapp share.
> I'm not root, mount.cifs have a correct suid.
> The /etc/request-key.conf is ok (and it's working with win2003 and samba 3)
> The machine account in the AD is the same as the reverse dns name.
> It's working fine with NTLM authentication.
>
> I'm running out of option, I could provide a network trace if you give
> me a private user email (I won't post that on the list).
>
> Please help,
>  Thomas Sondag

> On Wed, 26 Aug 2009 11:00:06 +0200
> Thomas Sondag <thomas.sondag@...> wrote:
>
>> Hi all,
>>
>> I resend this message to the list, the previous one is probably stuck
>> in the moderation queue with thousands of spams ...
>>
>> I'm trying to mount a cifs share from a netapp 7.0.1.1 share to a
>> linux box running Ubuntu 9.04 with sec=krb5 and a windows 2000 AD.
>> But that's failing :
>>
>> [ 6924.132239]  /build/buildd/linux-2.6.28/fs/cifs/cifssmb.c: Dialect: 2
>> [ 6924.132246]  /build/buildd/linux-2.6.28/fs/cifs/cifssmb.c: negprot rc -5
>> [ 6924.132255]  /build/buildd/linux-2.6.28/fs/cifs/connect.c: CIFS
>> VFS: leaving cifs_mount (xid = 3402) rc = -5
>> [ 6924.132260]  CIFS VFS: cifs_mount failed w/return code = -5
>>
>
> The Negotiate Protocol request failed. That's generally the first call
> that goes out on the wire on a new mount.
>
> -5 is -EIO, which is sort of a generic error. There were some alignment
> fixes that went into this codepath a few months ago (after 2.6.28). You
> may want to try a newer kernel.
>
> If that doesn't help, you can send me a capture and I'll take a look.
>
>> With the same setup I managed to mount a Win2003 and samba 3 shares
>> with kerberos.
>> Using smbclient -k or gvfs2 smb:// is ok with the Netapp share.
>> I'm not root, mount.cifs have a correct suid.
>> The /etc/request-key.conf is ok (and it's working with win2003 and samba 3)
>> The machine account in the AD is the same as the reverse dns name.
>> It's working fine with NTLM authentication.
>>
>> I'm running out of option, I could provide a network trace if you give
>> me a private user email (I won't post that on the list).
>>
>> Please help,
>>  Thomas Sondag
>
>
>
>
> --
> Jeff Layton <jlayton@...>
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client@...
> https://lists.samba.org/mailman/listinfo/linux-cifs-client
>