[Bug 1130781] [NEW] Can't mount samba share with krb/multiuser at bootup in fstab
Robstarusa
rob at naseca.net
Wed Feb 20 17:03:39 UTC 2013
Public bug reported:
I have the following setup:
A samba server on Ubuntu 12.04, and a samba client on 12.04
My fstab line looks as follows:
//cifserver.mydomain.com/data /data cifs cache=strict,sec=krb5,multiuser,acl,user=SERVERNAME$ 0 0
The client name is: servername.mydomain.com
The cifs server name is: cifserver.mydomain.com
I'm using windbind with idmap_rid to enumerate uids & gids.
I have joined both servers to the domain and created a krb5.keytab.
After the system has booted, I can login as root via ssh key & run
"mount /data" as root (no kerberos tickets) and the share WILL mount &
work properly and I'm assigned a kerberos default:principal of
servername$mydomain.com , a krbtgt & a cifs/server service ticket. It
works. Multiuser permissions work as well (very cool).
If I try to have this work via fstab, it does NOT work with the
following cifs.upcall errors:
> cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=cifserver.mydomain.com;ip4=10.1.5.16;sec=krb5;uid=0x0;creduid=0x0;user=SERVERNAME$;pid=0x2c7
> cifs.upcall: ver=2
> cifs.upcall: host=cifserver.mydomain.com
> cifs.upcall: ip=10.1.5.16
> cifs.upcall: sec=1
> cifs.upcall: uid=0
> cifs.upcall: creduid=0
> cifs.upcall: user=SERVERNAME$
> cifs.upcall: pid=711
> cifs.upcall: krb5_get_init_creds_keytab: -1765328347
> cifs.upcall: handle_krb5_mech: getting service ticket for cifs/cifserver.mydomain.com
> cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
> cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)
> cifs.upcall: handle_krb5_mech: getting service ticket for host/cifserver.mydomain.com
> cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
> cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)
I've reported this to the linux kernel cifs list & it seems that the
cifs share is trying to mount prior to the system being ready.
For this reason I've assigned this to upstart. If this should belong to
another package, feel free to move it. This is my best guess.
Please see the final response/dermination here:
http://article.gmane.org/gmane.linux.kernel.cifs/7832
You can also see the thread here (sorry I don't know another way to show just this thread on the mailing list)
First post: http://article.gmane.org/gmane.linux.kernel.cifs/7821
second post: http://article.gmane.org/gmane.linux.kernel.cifs/7830
Third post: http://article.gmane.org/gmane.linux.kernel.cifs/7831
Fourth Post: http://article.gmane.org/gmane.linux.kernel.cifs/7832
Thanks for looking into this. If there is a more proper way/place to
have auto-mounted cifs mounts with kerberos credentials mounted at
startup, please advise. I need this share up at boot even if nobody has
logged in so that automated jobs & other services can run.
** Affects: upstart (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/1130781
Title:
Can't mount samba share with krb/multiuser at bootup in fstab
Status in “upstart” package in Ubuntu:
New
Bug description:
I have the following setup:
A samba server on Ubuntu 12.04, and a samba client on 12.04
My fstab line looks as follows:
//cifserver.mydomain.com/data /data cifs cache=strict,sec=krb5,multiuser,acl,user=SERVERNAME$ 0 0
The client name is: servername.mydomain.com
The cifs server name is: cifserver.mydomain.com
I'm using windbind with idmap_rid to enumerate uids & gids.
I have joined both servers to the domain and created a krb5.keytab.
After the system has booted, I can login as root via ssh key & run
"mount /data" as root (no kerberos tickets) and the share WILL mount &
work properly and I'm assigned a kerberos default:principal of
servername$mydomain.com , a krbtgt & a cifs/server service ticket. It
works. Multiuser permissions work as well (very cool).
If I try to have this work via fstab, it does NOT work with the
following cifs.upcall errors:
> cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=cifserver.mydomain.com;ip4=10.1.5.16;sec=krb5;uid=0x0;creduid=0x0;user=SERVERNAME$;pid=0x2c7
> cifs.upcall: ver=2
> cifs.upcall: host=cifserver.mydomain.com
> cifs.upcall: ip=10.1.5.16
> cifs.upcall: sec=1
> cifs.upcall: uid=0
> cifs.upcall: creduid=0
> cifs.upcall: user=SERVERNAME$
> cifs.upcall: pid=711
> cifs.upcall: krb5_get_init_creds_keytab: -1765328347
> cifs.upcall: handle_krb5_mech: getting service ticket for cifs/cifserver.mydomain.com
> cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
> cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)
> cifs.upcall: handle_krb5_mech: getting service ticket for host/cifserver.mydomain.com
> cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
> cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)
I've reported this to the linux kernel cifs list & it seems that the
cifs share is trying to mount prior to the system being ready.
For this reason I've assigned this to upstart. If this should belong
to another package, feel free to move it. This is my best guess.
Please see the final response/dermination here:
http://article.gmane.org/gmane.linux.kernel.cifs/7832
You can also see the thread here (sorry I don't know another way to show just this thread on the mailing list)
First post: http://article.gmane.org/gmane.linux.kernel.cifs/7821
second post: http://article.gmane.org/gmane.linux.kernel.cifs/7830
Third post: http://article.gmane.org/gmane.linux.kernel.cifs/7831
Fourth Post: http://article.gmane.org/gmane.linux.kernel.cifs/7832
Thanks for looking into this. If there is a more proper way/place to
have auto-mounted cifs mounts with kerberos credentials mounted at
startup, please advise. I need this share up at boot even if nobody
has logged in so that automated jobs & other services can run.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/1130781/+subscriptions
More information about the foundations-bugs
mailing list