Problem mounting shares using mount.cifs

Julian Thomé frostisch at yahoo.de
Thu Sep 24 09:32:48 EDT 2009


Hello mailing list,

I have a problem mounting samba-shares using mount.cifs with kerberos 
authentication.

A snippet of the samba-configuration-file with the important kerberos 
option is as follows:

 >8-------------------------------------------smb.conf
[global]
       client use spnego = yes
       security = user
       realm = REALM
      ...
       use kerberos keytab = yes
      ...
       wins support = yes
       domain logons = yes
       domain master = yes

-----------------------------------------------------8<


A snippet of the kerberos-configuration-file is as follows:

 >8-------------------------------------------krb5.conf
[libdefaults]
       default_realm = REALM

[realms]
       REALM = {
               kdc = ...
               admin_server = ...
       }

[domain_realm]
       .intern.kmux.de = REALM

[kdc]
       database = {
               realm = REALM
               dbname = ldap:ou=Benutzer,dc=kmux,dc=de
               hdb-ldap-structural-object = inetOrgPerson
               acl-file = /etc/heimdal-kdc/kadmind.acl
               mkey_file = /var/lib/heimdal-kdc/m-key
       }

[logging]
       kdc = FILE:/var/log/krb5kdc.log
       admin_server = FILE:/var/log/kadmin.log
       default = FILE:/var/log/krb5default.log

[appdefaults]
       pam = {
               ticket_lifetime = 1d
               renew_lifetime = 1d
               forwardable = true
               proxiable = true
       }
-----------------------------------------------------8<

The /etc/request-key.conf -file on the Client has the following content:

 >8------------------------------------request-key.conf
create  cifs.spnego    * * /usr/sbin/cifs.upcall -c %k
create  dns_resolver   * * /usr/sbin/cifs.upcall %k
-----------------------------------------------------8<

After login i receive a ticket, but if i want to mount a share with the 
command:
mount.cifs //sambaserver//public /home/admin/test -o sec=krb5
an error occurs with the error message:
   mount error (126): Required key not available

the full dmesg:

 >8------------------------------------dmesg
[  658.349644]  fs/cifs/cifsfs.c: Devname: //sambaserver/public flags: 64
[  658.349644]  fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 18 
with uid: 0
[  658.349644]  fs/cifs/connect.c: Username: admin
[  658.349644]  fs/cifs/connect.c: UNC: \\sambaserver\public ip: 
192.168.32.22
[  658.349644]  fs/cifs/connect.c: Socket created
[  658.349644]  fs/cifs/connect.c: sndbuf 655360 rcvbuf 873800 rcvtimeo 
0x7fffffff
[  658.349644]  fs/cifs/connect.c: Existing smb sess not found
[  658.565617]  fs/cifs/connect.c: Demultiplex PID: 5409
[  658.349644]  fs/cifs/cifssmb.c: secFlags 0x8
[  658.349644]  fs/cifs/cifssmb.c: Kerberos only mechanism, enable 
extended security
[  658.349644]  fs/cifs/transport.c: For smb_command 114
[  658.349644]  fs/cifs/transport.c: Sending smb of length 78
[  658.569617]  fs/cifs/connect.c: rfc1002 length 0xbf
[  658.569617]  fs/cifs/cifssmb.c: Dialect: 2
[  658.569617]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
[  658.569617]  fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[  658.569617]  fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[  658.569617]  fs/cifs/asn1.c: Need to call asn1_octets_decode() 
function for cifs/sambaserver at REALM
[  658.569617]  fs/cifs/cifssmb.c: Signing disabled
[  658.569617]  fs/cifs/cifssmb.c: negprot rc 0
[  658.569617]  fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 
0x8080e3fd TimeAdjust: -7200
[  658.569617]  fs/cifs/sess.c: sess setup type 6
[  658.569617]  fs/cifs/cifs_spnego.c: key description = 
ver=0x1;host=sambaserver;ip4=192.168.32.22;sec=krb5;uid=0x0;user=admin
[  658.569617]  fs/cifs/sess.c: ssetup freeing small buf f7bb7740
[  658.569617]  CIFS VFS: Send error in SessSetup = -126
[  658.705643]  fs/cifs/connect.c: No session or bad tcon
[  658.705643]  fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 
18) rc = -126
[  658.705643]  CIFS VFS: cifs_mount failed w/return code = -126
-----------------------------------------------------8<


The principal cifs/sambaserver exists.

It would be very nice if someone could help me and/or explain this error 
to me ;-)

Thank you in advance !!



		
___________________________________________________________ 
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de




More information about the Kerberos mailing list