Problem mounting shares using mount.cifs
Julian Thomé
frostisch at yahoo.de
Thu Sep 24 09:32:48 EDT 2009
Hello mailing list,
I have a problem mounting samba-shares using mount.cifs with kerberos
authentication.
A snippet of the samba-configuration-file with the important kerberos
option is as follows:
>8-------------------------------------------smb.conf
[global]
client use spnego = yes
security = user
realm = REALM
...
use kerberos keytab = yes
...
wins support = yes
domain logons = yes
domain master = yes
-----------------------------------------------------8<
A snippet of the kerberos-configuration-file is as follows:
>8-------------------------------------------krb5.conf
[libdefaults]
default_realm = REALM
[realms]
REALM = {
kdc = ...
admin_server = ...
}
[domain_realm]
.intern.kmux.de = REALM
[kdc]
database = {
realm = REALM
dbname = ldap:ou=Benutzer,dc=kmux,dc=de
hdb-ldap-structural-object = inetOrgPerson
acl-file = /etc/heimdal-kdc/kadmind.acl
mkey_file = /var/lib/heimdal-kdc/m-key
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5default.log
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = true
}
-----------------------------------------------------8<
The /etc/request-key.conf -file on the Client has the following content:
>8------------------------------------request-key.conf
create cifs.spnego * * /usr/sbin/cifs.upcall -c %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
-----------------------------------------------------8<
After login i receive a ticket, but if i want to mount a share with the
command:
mount.cifs //sambaserver//public /home/admin/test -o sec=krb5
an error occurs with the error message:
mount error (126): Required key not available
the full dmesg:
>8------------------------------------dmesg
[ 658.349644] fs/cifs/cifsfs.c: Devname: //sambaserver/public flags: 64
[ 658.349644] fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 18
with uid: 0
[ 658.349644] fs/cifs/connect.c: Username: admin
[ 658.349644] fs/cifs/connect.c: UNC: \\sambaserver\public ip:
192.168.32.22
[ 658.349644] fs/cifs/connect.c: Socket created
[ 658.349644] fs/cifs/connect.c: sndbuf 655360 rcvbuf 873800 rcvtimeo
0x7fffffff
[ 658.349644] fs/cifs/connect.c: Existing smb sess not found
[ 658.565617] fs/cifs/connect.c: Demultiplex PID: 5409
[ 658.349644] fs/cifs/cifssmb.c: secFlags 0x8
[ 658.349644] fs/cifs/cifssmb.c: Kerberos only mechanism, enable
extended security
[ 658.349644] fs/cifs/transport.c: For smb_command 114
[ 658.349644] fs/cifs/transport.c: Sending smb of length 78
[ 658.569617] fs/cifs/connect.c: rfc1002 length 0xbf
[ 658.569617] fs/cifs/cifssmb.c: Dialect: 2
[ 658.569617] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
[ 658.569617] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[ 658.569617] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[ 658.569617] fs/cifs/asn1.c: Need to call asn1_octets_decode()
function for cifs/sambaserver at REALM
[ 658.569617] fs/cifs/cifssmb.c: Signing disabled
[ 658.569617] fs/cifs/cifssmb.c: negprot rc 0
[ 658.569617] fs/cifs/connect.c: Security Mode: 0x3 Capabilities:
0x8080e3fd TimeAdjust: -7200
[ 658.569617] fs/cifs/sess.c: sess setup type 6
[ 658.569617] fs/cifs/cifs_spnego.c: key description =
ver=0x1;host=sambaserver;ip4=192.168.32.22;sec=krb5;uid=0x0;user=admin
[ 658.569617] fs/cifs/sess.c: ssetup freeing small buf f7bb7740
[ 658.569617] CIFS VFS: Send error in SessSetup = -126
[ 658.705643] fs/cifs/connect.c: No session or bad tcon
[ 658.705643] fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid =
18) rc = -126
[ 658.705643] CIFS VFS: cifs_mount failed w/return code = -126
-----------------------------------------------------8<
The principal cifs/sambaserver exists.
It would be very nice if someone could help me and/or explain this error
to me ;-)
Thank you in advance !!
___________________________________________________________
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
More information about the Kerberos
mailing list