Problem mounting shares using mount.cifs

by Julian Thomé

Hello mailing list,
I have a problem mounting samba-shares using mount.cifs with kerberos
authentication.
A snippet of the samba-configuration-file with the important kerberos
option is as follows:
 >8-------------------------------------------smb.conf
[global]
    client use spnego = yes
    security = user
    realm = REALM
   ...
    use kerberos keytab = yes
   ...
    wins support = yes
    domain logons = yes
    domain master = yes
-----------------------------------------------------8<
A snippet of the kerberos-configuration-file is as follows:
 >8-------------------------------------------krb5.conf
[libdefaults]
    default_realm = REALM

[realms]
    REALM = {
            kdc = ...
            admin_server = ...
    }

[domain_realm]
    .intern.kmux.de = REALM

[kdc]
    database = {
            realm = REALM
            dbname = ldap:ou=Benutzer,dc=kmux,dc=de
            hdb-ldap-structural-object = inetOrgPerson
            acl-file = /etc/heimdal-kdc/kadmind.acl
            mkey_file = /var/lib/heimdal-kdc/m-key
    }

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5default.log

[appdefaults]
    pam = {
            ticket_lifetime = 1d
            renew_lifetime = 1d
            forwardable = true
            proxiable = true
    }
-----------------------------------------------------8<
The /etc/request-key.conf file on the client has the following content:
 >8------------------------------------request-key.conf
create  cifs.spnego    * * /usr/sbin/cifs.upcall -c %k
create  dns_resolver   * * /usr/sbin/cifs.upcall %k
-----------------------------------------------------8<
After login I receive a ticket, but if I want to mount a share with the
command:
mount.cifs //sambaserver//public /home/admin/test -o sec=krb5
an error occurs with the error message: mount error (126): Required key
not available

the full dmesg:
 >8------------------------------------dmesg
[  658.349644]  fs/cifs/cifsfs.c: Devname: //sambaserver/public flags: 64
[  658.349644]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 18 with uid: 0
[  658.349644]  fs/cifs/connect.c: Username: admin
[  658.349644]  fs/cifs/connect.c: UNC: \\sambaserver\public ip: 192.168.32.22
[  658.349644]  fs/cifs/connect.c: Socket created
[  658.349644]  fs/cifs/connect.c: sndbuf 655360 rcvbuf 873800 rcvtimeo 0x7fffffff
[  658.349644]  fs/cifs/connect.c: Existing smb sess not found
[  658.565617]  fs/cifs/connect.c: Demultiplex PID: 5409
[  658.349644]  fs/cifs/cifssmb.c: secFlags 0x8
[  658.349644]  fs/cifs/cifssmb.c: Kerberos only mechanism, enable extended security
[  658.349644]  fs/cifs/transport.c: For smb_command 114
[  658.349644]  fs/cifs/transport.c: Sending smb of length 78
[  658.569617]  fs/cifs/connect.c: rfc1002 length 0xbf
[  658.569617]  fs/cifs/cifssmb.c: Dialect: 2
[  658.569617]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
[  658.569617]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[  658.569617]  fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[  658.569617]  fs/cifs/asn1.c: Need to call asn1_octets_decode() function for cifs/sambaserver@REALM
[  658.569617]  fs/cifs/cifssmb.c: Signing disabled
[  658.569617]  fs/cifs/cifssmb.c: negprot rc 0
[  658.569617]  fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x8080e3fd TimeAdjust: -7200
[  658.569617]  fs/cifs/sess.c: sess setup type 6
[  658.569617]  fs/cifs/cifs_spnego.c: key description = ver=0x1;host=sambaserver;ip4=192.168.32.22;sec=krb5;uid=0x0;user=admin
[  658.569617]  fs/cifs/sess.c: ssetup freeing small buf f7bb7740
[  658.569617]  CIFS VFS: Send error in SessSetup = -126
[  658.705643]  fs/cifs/connect.c: No session or bad tcon
[  658.705643]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 18) rc = -126
[  658.705643]  CIFS VFS: cifs_mount failed w/return code = -126
-----------------------------------------------------8<

The principal cifs/sambaserver exists.
It would be very nice if someone could help me and/or explain this error
to me ;-)

Thank you in advance !!


       
               

_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client

Re: Problem mounting shares using mount.cifs

by Jeff Layton-2

On Fri, 25 Sep 2009 12:08:06 +0200
Julian Thomé <frostisch@...> wrote:

> Hello mailing list,
> I have a problem mounting samba-shares using mount.cifs with kerberos
> authentication.
> A snippet of the samba-configuration-file with the important kerberos
> option is as follows:
>  >8-------------------------------------------smb.conf
> [global]
>     client use spnego = yes
>     security = user
>     realm = REALM
>    ...
>     use kerberos keytab = yes
>    ...
>     wins support = yes
>     domain logons = yes
>     domain master = yes
> -----------------------------------------------------8<
> A snippet of the kerberos-configuration-file is as follows:
>  >8-------------------------------------------krb5.conf
> [libdefaults]
>     default_realm = REALM
>
> [realms]
>     REALM = {
>             kdc = ...
>             admin_server = ...
>     }
>
> [domain_realm]
>     .intern.kmux.de = REALM
>
> [kdc]
>     database = {
>             realm = REALM
>             dbname = ldap:ou=Benutzer,dc=kmux,dc=de
>             hdb-ldap-structural-object = inetOrgPerson
>             acl-file = /etc/heimdal-kdc/kadmind.acl
>             mkey_file = /var/lib/heimdal-kdc/m-key
>     }
>
> [logging]
>     kdc = FILE:/var/log/krb5kdc.log
>     admin_server = FILE:/var/log/kadmin.log
>     default = FILE:/var/log/krb5default.log
>
> [appdefaults]
>     pam = {
>             ticket_lifetime = 1d
>             renew_lifetime = 1d
>             forwardable = true
>             proxiable = true
>     }
> -----------------------------------------------------8<
> The /etc/request-key.conf -file on the Client has the following content:
>  >8------------------------------------request-key.conf
> create  cifs.spnego    * * /usr/sbin/cifs.upcall -c %k
> create  dns_resolver   * * /usr/sbin/cifs.upcall %k
> -----------------------------------------------------8<
> After login I receive a ticket, but if I want to mount a share with the
> command:

So you have pam.krb5 set up? Or are you kinit'ing manually?

> mount.cifs //sambaserver//public /home/admin/test -o sec=krb5
> an error occurs with the error message: mount error (126): Required key
> not available
>
> the full dmesg:
>  >8------------------------------------dmesg
> [  658.349644]  fs/cifs/cifsfs.c: Devname: //sambaserver/public flags: 64
> [  658.349644]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 18
> with uid: 0
> [  658.349644]  fs/cifs/connect.c: Username: admin
> [  658.349644]  fs/cifs/connect.c: UNC: \\sambaserver\public ip:
> 192.168.32.22
> [  658.349644]  fs/cifs/connect.c: Socket created
> [  658.349644]  fs/cifs/connect.c: sndbuf 655360 rcvbuf 873800 rcvtimeo
> 0x7fffffff
> [  658.349644]  fs/cifs/connect.c: Existing smb sess not found
> [  658.565617]  fs/cifs/connect.c: Demultiplex PID: 5409
> [  658.349644]  fs/cifs/cifssmb.c: secFlags 0x8
> [  658.349644]  fs/cifs/cifssmb.c: Kerberos only mechanism, enable
> extended security
> [  658.349644]  fs/cifs/transport.c: For smb_command 114
> [  658.349644]  fs/cifs/transport.c: Sending smb of length 78
> [  658.569617]  fs/cifs/connect.c: rfc1002 length 0xbf
> [  658.569617]  fs/cifs/cifssmb.c: Dialect: 2
> [  658.569617]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
> [  658.569617]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
> [  658.569617]  fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
> [  658.569617]  fs/cifs/asn1.c: Need to call asn1_octets_decode()
> function for cifs/sambaserver@REALM
> [  658.569617]  fs/cifs/cifssmb.c: Signing disabled
> [  658.569617]  fs/cifs/cifssmb.c: negprot rc 0
> [  658.569617]  fs/cifs/connect.c: Security Mode: 0x3 Capabilities:
> 0x8080e3fd TimeAdjust: -7200
> [  658.569617]  fs/cifs/sess.c: sess setup type 6
> [  658.569617]  fs/cifs/cifs_spnego.c: key description =
> ver=0x1;host=sambaserver;ip4=192.168.32.22;sec=krb5;uid=0x0;user=admin
> [  658.569617]  fs/cifs/sess.c: ssetup freeing small buf f7bb7740
> [  658.569617]  CIFS VFS: Send error in SessSetup = -126
> [  658.705643]  fs/cifs/connect.c: No session or bad tcon
> [  658.705643]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid =
> 18) rc = -126
> [  658.705643]  CIFS VFS: cifs_mount failed w/return code = -126
> -----------------------------------------------------8<
>
> The principal cifs/sambaserver exists.
> It would be very nice if someone could help me and/or explain this error
> to me ;-)
>
> Thank you in advance !!
>

It may be that you're using a non-default credcache location (i.e.
$KRB5CCNAME is set). cifs.upcall just recently learned how to find
those and support has not made it into most distros yet. If you
run this, what does it say?

$ klist | grep "Ticket cache:"

--
Jeff Layton <jlayton@...>

Re: Problem mounting shares using mount.cifs

by Julian Thomé

Hello Jeff,

Thank you for your answer!

>
> ... If you run this, what does it say?
>
> $ klist | grep "Ticket cache:"
>
>  
If I run:
$ klist | grep "Credentials cache"
the output is for example:
    FILE:/tmp/krb5cc_1003_dmNst2

and/or running this command:
$ echo $KRB5CCNAME
has the same result:
    FILE:/tmp/krb5cc_1003_dmNst2

I use Debian Lenny with mount.cifs 1.12-3.3.7 and Samba 3.2.5.

Greetings, Julian



       
               

Re: Problem mounting shares using mount.cifs

by Jeff Layton-4

On Mon, 28 Sep 2009 09:42:14 +0200
Julian Thomé <frostisch@...> wrote:

> Hello Jeff,
>
> Thank you for your answer!
>
> >
> > ... If you run this, what does it say?
> >
> > $ klist | grep "Ticket cache:"
> >
> >  
> If I run:
> $ klist | grep "Credentials cache"
> the output is for example:
>     FILE:/tmp/krb5cc_1003_dmNst2
>
> and/or running this command:
> $ echo $KRB5CCNAME
> has the same result:
>     FILE:/tmp/krb5cc_1003_dmNst2
>
> I use Debian Lenny with mount.cifs 1.12-3.3.7 and Samba 3.2.5.
>
> Greetings, Julian
>
>

That's probably the problem. cifs.upcall is looking for the default
credcache (/tmp/krb5cc_1003). pam_krb5 tacks those extra characters on
the end and sets $KRB5CCNAME.

Support for non-default credcaches is something only very recently
added to cifs.upcall. You'll need the latest version of cifs.upcall
from the samba master branch. There's no official samba release that
has that support yet, but it should show up in samba 3.5.

--
Jeff Layton <jlayton@...>

Re: Problem mounting shares using mount.cifs

by Julian Thomé

Hello Jeff,

> That's probably the problem. cifs.upcall is looking for the default
> credcache (/tmp/krb5cc_1003). pam_krb5 tacks those extra characters on
> the end and sets $KRB5CCNAME.
>
> Support for non-default credcaches is something only very recently
> added to cifs.upcall. You'll need the latest version of cifs.upcall
> from the samba master branch. There's no official samba release that
> has that support yet, but it should show up in samba 3.5.
>
>  
Exactly this was the problem.
I changed the location of the ccache (from krb5cc_$UID_XXXXX to the
default ccache location krb5cc_$UID) using the ccache option of the
pam_krb5 module in the common-auth file.

 >8-------------------------------------/etc/pam.d/common-auth
...
 .... pam_krb5.so ccache=/tmp/krb5cc_%u ...
....
--------------------------------------------------------------8<

It works now :-)
Thank you very much !!
Greetings

Julian
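
The diagnosis from this thread as an added shell example (not part of the original messages): it classifies a KRB5CCNAME value against the default cache /tmp/krb5cc_<uid> that the replies say cifs.upcall looks for, and checks that the cache file is private. The function names are hypothetical, and the mode 0600 check is an added assumption about how the cache should be protected.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption taken from the replies:
# the installed cifs.upcall only looks at the default cache /tmp/krb5cc_<uid>.

# Default FILE credential cache path for a numeric uid.
default_ccache() {
    printf '/tmp/krb5cc_%s\n' "$1"
}

# Classify a KRB5CCNAME value ($1) against the default for uid ($2).
# Prints: unset | default | nondefault-file | other-type
classify_ccache() {
    cc_name=$1 cc_uid=$2
    [ -n "$cc_name" ] || { echo unset; return 0; }
    case $cc_name in
        FILE:*) cc_path=${cc_name#FILE:} ;;
        /*)     cc_path=$cc_name ;;            # no prefix: treated as FILE
        *)      echo other-type; return 0 ;;   # e.g. KEYRING:, DIR:
    esac
    if [ "$cc_path" = "$(default_ccache "$cc_uid")" ]; then
        echo default
    else
        echo nondefault-file
    fi
}

# True if the cache ($1) is a regular file, not a symlink, with mode 0600.
ccache_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(ls -ld "$1") in
        -rw-------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Report on the current login session.
state=$(classify_ccache "${KRB5CCNAME:-}" "$(id -u)")
echo "KRB5CCNAME=${KRB5CCNAME:-<unset>} uid=$(id -u): $state"
case $state in
    nondefault-file|other-type)
        echo "cifs.upcall without non-default ccache support will not find this ticket" ;;
esac
cc_file=${KRB5CCNAME:-$(default_ccache "$(id -u)")}
cc_file=${cc_file#FILE:}
if [ -e "$cc_file" ] && ! ccache_is_private "$cc_file"; then
    echo "warning: $cc_file is not a private regular file (expected mode 0600)"
fi
```

With the value from the thread, `classify_ccache "FILE:/tmp/krb5cc_1003_dmNst2" 1003` prints `nondefault-file`; after the pam_krb5 change it prints `default`.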

               