Cron job running rsync can't access kerberized CIFS share
Doug Clow
doug.clow at dashbox.com
Wed Sep 11 18:16:33 EDT 2013
Hello,
I am having some trouble with kerberized cifs shares. I've tried troubleshooting over at the cifs list but haven't been able to find a solution and was wondering if anyone here had an idea of what might be happening.
To summarize, I am mounting a cifs share on a Centos 6.4 linux machine. If I ssh into the box I can access the share fine. Also Apache running on the same server can access the share fine. What doesn't work is me running rsync from a cron job or this package I have called Subversion Edge running its backup function to that share.
Centos 6.4 server hosts the cifs share
KDC is MS Active Directory
CIFS server is MS Windows 2012 DFS
I use kstart to keep my TGT active. Kstart gets the TGT by using the system keytab at /etc/krb5.keytab which has the machine account ie hostname$@REALM.COM. The ticket cache is located at /tmp/krb5cc_0. I've tried using autofs to mount the share and also manually mounting using mount.cifs. While I can traverse the mounted share using both root and user accounts if cron runs as root and tries to rsync I get the error:
rsync: ERROR: cannot stat destination "/mnt/dfs/backups/": Key has been revoked (128)
If I run the same rsync command from ssh it runs fine. I've tried disabling SELinux but it didn't change. Can anyone think of a reason why the cron job can't access the krb5 authenticated cifs share?
Thanks,
Doug
More information about the Kerberos
mailing list