Re: [Freeipa-users] Mount cifs share using kerberos

Fri, 09 Jan 2015 13:57:12 -0800 

2015-01-09 18:12 GMT+01:00 Alexander Bokovoy <aboko...@redhat.com>
>
> So if you have all these configs right, can you add --verbose to
> mount.cifs arguments _before_ -o options?
>
> mount -t cifs //ipaserver.MY.LAN/TheShare --verbose -o sec=krb5
>
> and you can enable debugging before mounting in /proc/fs/cifs/, see
> https://wiki.samba.org/index.php/LinuxCIFS_troubleshooting
> --
>

[john@ipaserver ~]$ rpm -q cifs-utils
cifs-utils-6.4-2.fc21.x86_64

[john@ipaserver mnt]# su root
[root@ipaserver mnt]# kdestroy
[root@ipaserver mnt]# kinit admin
[root@ipaserver mnt]# klist
Ticket cache: KEYRING:persistent:1434400004:krb_ccache_As3C1bl
Default principal: ad...@my.lan

Valid starting       Expires              Service principal
2015-01-09 22:40:37  2015-01-10 22:40:32  krbtgt/my....@my.lan

[root@ipaserver mnt]#
[root@ipaserver mnt]# mount -t cifs //ipaserver.MY.LAN/TheShare --verbose
-o sec=krb5 mointpoint
mount.cifs kernel mount options:
ip=192.168.0.103,unc=\\ipaserver.MY.LAN\TheShare,sec=krb5,user=john,pass=********
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

[fre jan  9 22:40:15 2015] CIFS VFS: Send error in SessSetup = -126
[fre jan  9 22:40:15 2015] CIFS VFS: cifs_mount failed w/return code = -126
[fre jan  9 22:40:49 2015] CIFS VFS: Send error in SessSetup = -126
[fre jan  9 22:40:49 2015] CIFS VFS: cifs_mount failed w/return code = -126
[fre jan  9 22:42:30 2015] fs/cifs/cifsfs.c: Devname:
//ipaserver.MY.LAN/TheShare flags: 0
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: Username: john
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: file mode: 0x1ed  dir mode:
0x1ed
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: in cifs_mount as
Xid: 6 with uid: 0
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: UNC:
\\ipaserver.MY.LAN\TheShare
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: Socket created
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: sndbuf 16384 rcvbuf 87380
rcvtimeo 0x1b58
[fre jan  9 22:42:30 2015] fs/cifs/fscache.c:
cifs_fscache_get_client_cookie: (0xffff88007a28dc00/0xffff8800736ee000)
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses
as Xid: 7 with uid: 0
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: Existing smb sess not found
[fre jan  9 22:42:30 2015] fs/cifs/cifssmb.c: Requesting extended security.
[fre jan  9 22:42:30 2015] fs/cifs/transport.c: For smb_command 114
[fre jan  9 22:42:30 2015] fs/cifs/transport.c: Sending smb: smb_len=78
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: Demultiplex PID: 20875
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: RFC1002 header 0xb5
[fre jan  9 22:42:30 2015] fs/cifs/misc.c: checkSMB Length: 0xb9,
smb_buf_length: 0xb5
[fre jan  9 22:42:30 2015] fs/cifs/transport.c: cifs_sync_mid_result:
cmd=114 mid=1 state=4
[fre jan  9 22:42:30 2015] fs/cifs/cifssmb.c: Dialect: 2
[fre jan  9 22:42:30 2015] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348
0xbb92
[fre jan  9 22:42:30 2015] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348
0x1bb92
[fre jan  9 22:42:30 2015] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6
0x1
[fre jan  9 22:42:30 2015] fs/cifs/cifssmb.c: negprot rc 0
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: Security Mode: 0x3
Capabilities: 0x8080f3fd TimeAdjust: -3600
[fre jan  9 22:42:30 2015] fs/cifs/sess.c: sess setup type 5
[fre jan  9 22:42:30 2015] fs/cifs/cifs_spnego.c: key description =
ver=0x2;host=ipaserver.MY.LAN;ip4=192.168.0.103;sec=krb5;uid=0x0;creduid=0x0;user=john;pid=0x5188
[fre jan  9 22:42:30 2015] CIFS VFS: Send error in SessSetup = -126
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: leaving
cifs_get_smb_ses (xid = 7) rc = -126
[fre jan  9 22:42:30 2015] fs/cifs/fscache.c:
cifs_fscache_release_client_cookie: (0xffff88007a28dc00/0xffff8800736ee000)
[fre jan  9 22:42:30 2015] fs/cifs/connect.c: CIFS VFS: leaving cifs_mount
(xid = 6) rc = -126
[fre jan  9 22:42:30 2015] CIFS VFS: cifs_mount failed w/return code = -126

Is it okay that the verbose output says sec=krb5,user=john,pass=******** I
did su from john...

-- john

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to