« Return to Thread: CIFS mount and smbclient with krb5 not work with dfs namespace
Re: CIFS mount and smbclient with krb5 not work with dfs namespace
by Igor Mammedov
::
Rate this Message:
Hi Brice,
Most likely DFS root server returns in DFS referral a hostname that is not
registered as principal in kerberos, hence a error you see. You could use
ntlmv2 for this case or fix referral links in DFS tree to correct hostnames
(i.e. registered in kerberos db).
Here is the thread where this case was discussed:
"Re: [PATCH] Add support for using server supplied principal (mic option)"
brice.rouanet@... wrote:
> Hi,
>
> I use pam mount to mount CIFS share from windows 2008 server with sec=krb5.
>
> If I use the DFS namespace it not work :
>
> [62131.983048] CIFS VFS: Send error in SessSetup = -126
> [62131.983286] CIFS VFS: cifs_mount failed w/return code = -126
>
> but with the serveur name it works; and with smbclient, I got with name
> space :
>
> r-gcgp-111-a12:~# smbclient -k //iut.iut-tlse3.fr/partage
> ads_krb5_mk_req: krb5_get_credentials failed for iut$@...
> (Server not found in Kerberos database)
> cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not
> found in Kerberos database
> session setup failed: SUCCESS - 0
>
> with server name :
>
> r-gcgp-111-a12:~# smbclient -k //p-cri-dc01.iut.iut-tlse3.fr/partage
> OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack 1]
> Server=[Windows Server (R) 2008 Enterprise 6.0]
> smb: \>
>
>
> Here my pam_mount config wich work :
>
> <volume user="*" fstype="cifs" server="p-cri-dc01.iut.iut-tlse3.fr"
> path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)"
> options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid"
> />
>
> and wich not work :
>
> <volume user="*" fstype="cifs" server="iut.iut-tlse3.fr"
> path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)"
> options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid"
> />
>
> If I mount the share using nmespace without sec=krb5 it works,
> any idea ?
>
> Regards,
> Brice.
>
> ****************************************
> Brice Rouanet
> Technicien informatique
> Département Genie Chimique
> Centre de Ressources Informatiques
> ****************************************
> Tel : 05.62.25.89.19
> ****************************************
> CRI - IUT "A" PAUL SABATIER
> 137, avenue de Rangueil
> BP67701
> 31077 TOULOUSE CEDEX 04
> ****************************************
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client@...
> https://lists.samba.org/mailman/listinfo/linux-cifs-client
--
Best regards,
-------------------------
Igor Mammedov,
niallain "at" gmail.com
_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client
Most likely DFS root server returns in DFS referral a hostname that is not
registered as principal in kerberos, hence a error you see. You could use
ntlmv2 for this case or fix referral links in DFS tree to correct hostnames
(i.e. registered in kerberos db).
Here is the thread where this case was discussed:
"Re: [PATCH] Add support for using server supplied principal (mic option)"
brice.rouanet@... wrote:
> Hi,
>
> I use pam mount to mount CIFS share from windows 2008 server with sec=krb5.
>
> If I use the DFS namespace it not work :
>
> [62131.983048] CIFS VFS: Send error in SessSetup = -126
> [62131.983286] CIFS VFS: cifs_mount failed w/return code = -126
>
> but with the serveur name it works; and with smbclient, I got with name
> space :
>
> r-gcgp-111-a12:~# smbclient -k //iut.iut-tlse3.fr/partage
> ads_krb5_mk_req: krb5_get_credentials failed for iut$@...
> (Server not found in Kerberos database)
> cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not
> found in Kerberos database
> session setup failed: SUCCESS - 0
>
> with server name :
>
> r-gcgp-111-a12:~# smbclient -k //p-cri-dc01.iut.iut-tlse3.fr/partage
> OS=[Windows Server (R) 2008 Enterprise 6001 Service Pack 1]
> Server=[Windows Server (R) 2008 Enterprise 6.0]
> smb: \>
>
>
> Here my pam_mount config wich work :
>
> <volume user="*" fstype="cifs" server="p-cri-dc01.iut.iut-tlse3.fr"
> path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)"
> options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid"
> />
>
> and wich not work :
>
> <volume user="*" fstype="cifs" server="iut.iut-tlse3.fr"
> path="partage/home/personnel/%(USER)" mountpoint="/home/%(USER)"
> options="sec=krb5,guest,iocharset=utf8,file_mode=0700,dir_mode=0700,nodev,nosuid"
> />
>
> If I mount the share using nmespace without sec=krb5 it works,
> any idea ?
>
> Regards,
> Brice.
>
> ****************************************
> Brice Rouanet
> Technicien informatique
> Département Genie Chimique
> Centre de Ressources Informatiques
> ****************************************
> Tel : 05.62.25.89.19
> ****************************************
> CRI - IUT "A" PAUL SABATIER
> 137, avenue de Rangueil
> BP67701
> 31077 TOULOUSE CEDEX 04
> ****************************************
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> _______________________________________________
> linux-cifs-client mailing list
> linux-cifs-client@...
> https://lists.samba.org/mailman/listinfo/linux-cifs-client
--
Best regards,
-------------------------
Igor Mammedov,
niallain "at" gmail.com
_______________________________________________
linux-cifs-client mailing list
linux-cifs-client@...
https://lists.samba.org/mailman/listinfo/linux-cifs-client
« Return to Thread: CIFS mount and smbclient with krb5 not work with dfs namespace
| Free embeddable forum powered by Nabble | Forum Help |
