2015-01-09 18:12 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com> > > So if you have all these configs right, can you add --verbose to > mount.cifs arguments _before_ -o options? > > mount -t cifs //ipaserver.MY.LAN/TheShare --verbose -o sec=krb5 > > and you can enable debugging before mounting in /proc/fs/cifs/, see > https://wiki.samba.org/index.php/LinuxCIFS_troubleshooting > -- >
[john@ipaserver ~]$ rpm -q cifs-utils cifs-utils-6.4-2.fc21.x86_64 [john@ipaserver mnt]# su root [root@ipaserver mnt]# kdestroy [root@ipaserver mnt]# kinit admin [root@ipaserver mnt]# klist Ticket cache: KEYRING:persistent:1434400004:krb_ccache_As3C1bl Default principal: ad...@my.lan Valid starting Expires Service principal 2015-01-09 22:40:37 2015-01-10 22:40:32 krbtgt/my....@my.lan [root@ipaserver mnt]# [root@ipaserver mnt]# mount -t cifs //ipaserver.MY.LAN/TheShare --verbose -o sec=krb5 mointpoint mount.cifs kernel mount options: ip=192.168.0.103,unc=\\ipaserver.MY.LAN\TheShare,sec=krb5,user=john,pass=******** mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) [fre jan 9 22:40:15 2015] CIFS VFS: Send error in SessSetup = -126 [fre jan 9 22:40:15 2015] CIFS VFS: cifs_mount failed w/return code = -126 [fre jan 9 22:40:49 2015] CIFS VFS: Send error in SessSetup = -126 [fre jan 9 22:40:49 2015] CIFS VFS: cifs_mount failed w/return code = -126 [fre jan 9 22:42:30 2015] fs/cifs/cifsfs.c: Devname: //ipaserver.MY.LAN/TheShare flags: 0 [fre jan 9 22:42:30 2015] fs/cifs/connect.c: Username: john [fre jan 9 22:42:30 2015] fs/cifs/connect.c: file mode: 0x1ed dir mode: 0x1ed [fre jan 9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 6 with uid: 0 [fre jan 9 22:42:30 2015] fs/cifs/connect.c: UNC: \\ipaserver.MY.LAN\TheShare [fre jan 9 22:42:30 2015] fs/cifs/connect.c: Socket created [fre jan 9 22:42:30 2015] fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380 rcvtimeo 0x1b58 [fre jan 9 22:42:30 2015] fs/cifs/fscache.c: cifs_fscache_get_client_cookie: (0xffff88007a28dc00/0xffff8800736ee000) [fre jan 9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 7 with uid: 0 [fre jan 9 22:42:30 2015] fs/cifs/connect.c: Existing smb sess not found [fre jan 9 22:42:30 2015] fs/cifs/cifssmb.c: Requesting extended security. [fre jan 9 22:42:30 2015] fs/cifs/transport.c: For smb_command 114 [fre jan 9 22:42:30 2015] fs/cifs/transport.c: Sending smb: smb_len=78 [fre jan 9 22:42:30 2015] fs/cifs/connect.c: Demultiplex PID: 20875 [fre jan 9 22:42:30 2015] fs/cifs/connect.c: RFC1002 header 0xb5 [fre jan 9 22:42:30 2015] fs/cifs/misc.c: checkSMB Length: 0xb9, smb_buf_length: 0xb5 [fre jan 9 22:42:30 2015] fs/cifs/transport.c: cifs_sync_mid_result: cmd=114 mid=1 state=4 [fre jan 9 22:42:30 2015] fs/cifs/cifssmb.c: Dialect: 2 [fre jan 9 22:42:30 2015] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92 [fre jan 9 22:42:30 2015] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92 [fre jan 9 22:42:30 2015] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1 [fre jan 9 22:42:30 2015] fs/cifs/cifssmb.c: negprot rc 0 [fre jan 9 22:42:30 2015] fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x8080f3fd TimeAdjust: -3600 [fre jan 9 22:42:30 2015] fs/cifs/sess.c: sess setup type 5 [fre jan 9 22:42:30 2015] fs/cifs/cifs_spnego.c: key description = ver=0x2;host=ipaserver.MY.LAN;ip4=192.168.0.103;sec=krb5;uid=0x0;creduid=0x0;user=john;pid=0x5188 [fre jan 9 22:42:30 2015] CIFS VFS: Send error in SessSetup = -126 [fre jan 9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 7) rc = -126 [fre jan 9 22:42:30 2015] fs/cifs/fscache.c: cifs_fscache_release_client_cookie: (0xffff88007a28dc00/0xffff8800736ee000) [fre jan 9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 6) rc = -126 [fre jan 9 22:42:30 2015] CIFS VFS: cifs_mount failed w/return code = -126 Is it okay that the verbose output says sec=krb5,user=john,pass=******** I did su from john... -- john
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project