[Samba] mount.cifs and sec=krb5
Hello fellow Samba folks, I am attempting to mount a cifs share on a RHEL 5 box using mount.cifs. The server is another RHEL 5 box. Both boxes are joined to the same Kerberos realm (AD). I kinit to get my Kerberos tickets. This is the mount command I'm using: mount.cifs //rhel5.server.iastate.edu/benvon ./mnt -o user=benvon,sec=krb5 This results in a password prompt, then a permission denied message (even if the password was correct). The interesting thing to see is the log on the server (log level 10 excerpt): [2007/05/04 15:10:30, 3] smbd/sesssetup.c:reply_sesssetup_and_X(1010) sesssetupX:name=[]\[湥潶n䰀湩硵瘠牥楳湯㈠㘮 ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x]@ [129.186.196.8] [2007/05/04 15:10:30, 6] param/loadparm.c:lp_file_list_changed(3001) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Fri May 4 10:59:44 2007 [2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info_map(161) make_user_info_map: Mapping user []\[湥潶n䰀湩硵瘠牥楳湯 ㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x] from workstation [129.186.196.8] [2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(75) attempting to make a user_info for 湥潶n䰀湩硵瘠牥楳湯㈠ 㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x (湥潶n 䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥 ⁴潦楌畮x) [2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(85) making strings for 湥潶n䰀湩硵瘠牥楳湯㈠㘮 ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x's user_info struct [2007/05/04 15:10:30, 5] auth/auth_util.c:make_user_info(117) making blobs for 湥潶n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱ 汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x's user_info struct [2007/05/04 15:10:30, 10] auth/auth_util.c:make_user_info(135) made an encrypted user_info for 湥潶n䰀湩硵瘠牥楳湯㈠㘮 ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦楌畮x (湥潶n䰀 湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴ 潦楌畮x) [2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user []\[湥潶 n䰀湩硵瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥 [EMAIL PROTECTED] with the new password interface [2007/05/04 15:10:30, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [IASTATE]\[湥潶n䰀湩硵 瘠牥楳湯㈠㘮ㄮⴸ⸸⸱⸱汥5䥃卆嘠卆䌠楬湥⁴潦 [EMAIL PROTECTED] Yah Anyway, when leaving off the sec=krb5 or setting sec=ntlmv2, everything works as expected. smbclient -k works as expected. Does anyone have any advice? I can produce as much logging as may be needed. If this isn't the proper place to be asking questions about mount.cifs, please redirect me. Many Thanks, Ben Vaughan, RHCE Engineering Computing Support Services Iowa State University [EMAIL PROTECTED] To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mount.cifs and sec=krb5
On Fri, 2007-05-04 at 15:17 -0500, Ben Vaughan wrote: Hello fellow Samba folks, I am attempting to mount a cifs share on a RHEL 5 box using mount.cifs. The server is another RHEL 5 box. Both boxes are joined to the same Kerberos realm (AD). I kinit to get my Kerberos tickets. This is the mount command I'm using: mount.cifs //rhel5.server.iastate.edu/benvon ./mnt -o user=benvon,sec=krb5 [..] Does anyone have any advice? I can produce as much logging as may be needed. Ben, the kernel module do not yet support kerberos, that's the problem. If this isn't the proper place to be asking questions about mount.cifs, please redirect me. mount.cifs is fine, it is the kernel module that is still not complete (wrt kerberos), you may ask info on the cifs module to [EMAIL PROTECTED] Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mount.cifs and sec=krb5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben, I am attempting to mount a cifs share on a RHEL 5 box using mount.cifs. The server is another RHEL 5 box. Both boxes are joined to the same Kerberos realm (AD). I kinit to get my Kerberos tickets. This is the mount command I'm using: mount.cifs //rhel5.server.iastate.edu/benvon ./mnt -o user=benvon,sec=krb5 The cifs.ko krb5 support does not work right now. You can find more details (inlcuding a list ot the cifs client ml at http://linux-cifs.samba.org/ We're working on it. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGO6GYIR7qMdg1EfYRAm1/AJ9VAHGTuTQKUcUQCAbrVGxVZzTdFACglbhH lnfmt5e1T2aSi4oNnSnhjyQ= =yMyD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] mount.cifs and sec=krb5
Thanks to simo and Jerry for their excellent responses. Ben Ben Vaughan, RHCE Engineering Computing Support Services Iowa State University [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Friday, May 04, 2007 4:12 PM To: Ben Vaughan Cc: Samba Subject: Re: [Samba] mount.cifs and sec=krb5 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben, I am attempting to mount a cifs share on a RHEL 5 box using mount.cifs. The server is another RHEL 5 box. Both boxes are joined to the same Kerberos realm (AD). I kinit to get my Kerberos tickets. This is the mount command I'm using: mount.cifs //rhel5.server.iastate.edu/benvon ./mnt -o user=benvon,sec=krb5 The cifs.ko krb5 support does not work right now. You can find more details (inlcuding a list ot the cifs client ml at http://linux-cifs.samba.org/ We're working on it. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGO6GYIR7qMdg1EfYRAm1/AJ9VAHGTuTQKUcUQCAbrVGxVZzTdFACglbhH lnfmt5e1T2aSi4oNnSnhjyQ= =yMyD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
