On Fri, 09 Jan 2015, John Obaterspok wrote:
2015-01-09 10:11 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>:
On Fedora 21 we have /etc/request-key.d/cifs.upcall.conf and
/etc/request-key.d/cifs.idmap.conf to allow kernel to properly fetch
Kerberos keys and map IDs of CIFS identities. These configurations are
part of cifs-utils package which also supplies mount.cifs.
I have no /etc/request-key.d/cifs.upcall.conf on my F21. Is it suppose to
be there?
No, it was my fault, forgetting the actual name -- it is
cifs.spnego.conf that you have listed below:
This is what I have:
[root@ipaserver etc]# cat request-key.conf
###############################################################################
# .... snip ....
################################################################################
#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...
#====== ======= =============== ===============
===============================
create dns_resolver * * /sbin/key.dns_resolver %k
create user debug:* negate /bin/keyctl negate %k 30 %S
create user debug:* rejected /bin/keyctl reject %k 30 %c
%S
create user debug:* expired /bin/keyctl reject %k 30 %c
%S
create user debug:* revoked /bin/keyctl reject %k 30 %c
%S
create user debug:loop:* * |/bin/cat
create user debug:* *
/usr/share/keyutils/request-key-debug.sh %k %d %c %S
negate * * * /bin/keyctl negate %k 30 %S
[root@ipaserver etc]# ls request-key.d/
cifs.idmap.conf cifs.spnego.conf id_resolver.conf
[root@ipaserver etc]# cat request-key.d/cifs.idmap.conf
create cifs.idmap * * /usr/sbin/cifs.idmap %k
[root@ipaserver etc]# cat request-key.d/cifs.spnego.conf
create cifs.spnego * * /usr/sbin/cifs.upcall %k
So if you have all these configs right, can you add --verbose to
mount.cifs arguments _before_ -o options?
mount -t cifs //ipaserver.MY.LAN/TheShare --verbose -o sec=krb5
and you can enable debugging before mounting in /proc/fs/cifs/, see
https://wiki.samba.org/index.php/LinuxCIFS_troubleshooting
--
/ Alexander Bokovoy
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project