Cron job running rsync can't access kerberized CIFS share

Doug Clow doug.clow at dashbox.com
Wed Sep 11 18:16:33 EDT 2013


Hello,

I am having some trouble with kerberized cifs shares.  I've tried troubleshooting over at the cifs list but haven't been able to find a solution and was wondering if anyone here had an idea of what might be happening.   

To summarize, I am mounting a cifs share on a Centos 6.4 linux machine.  If I ssh into the box I can access the share fine.  Also Apache running on the same server can access the share fine.  What doesn't work is me running rsync from a cron job or this package I have called Subversion Edge running its backup function to that share.

Centos 6.4 server hosts the cifs share
KDC is MS Active Directory
CIFS server is MS Windows 2012 DFS

I use kstart to keep my TGT active.  Kstart gets the TGT by using the system keytab at /etc/krb5.keytab which has the machine account ie hostname$@REALM.COM.  The ticket cache is located at /tmp/krb5cc_0.  I've tried using autofs to mount the share and also manually mounting using mount.cifs.  While I can traverse the mounted share using both root and user accounts if cron runs as root and tries to rsync I get the error:

rsync: ERROR: cannot stat destination "/mnt/dfs/backups/": Key has been revoked (128)

If I run the same rsync command from ssh it runs fine.  I've tried disabling SELinux but it didn't change.  Can anyone think of a reason why the cron job can't access the krb5 authenticated cifs share?

Thanks,
Doug




More information about the Kerberos mailing list