[Bug 1592996] [NEW] attempting to use sec=krb5 causes mount.cifs to fail with error "invalid argument" even though it is still listed in the man page as an option

Matthew Pulliam mpulliam at exegy.com
Wed Jun 15 21:56:52 UTC 2016 

Public bug reported:

this bug is occurring currently with the following:
Description:	Ubuntu 14.04.4 LTS
Release:	14.04

cifs-utils:
  Installed: 2:6.0-1ubuntu2
  Candidate: 2:6.0-1ubuntu2
  Version table:
 *** 2:6.0-1ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
        100 /var/lib/dpkg/status

Process to test:

install ubuntu 14.04.4 run updates, 
install cifs-utils, 
install and configure Kerberos (in this case via sssd configured to connect to active directory and adcli to join the domain and generate a system keytab file)

kinit -k 
mount -t cifs -o sec=krb5 //smbserver.fqdn/sharename /path/to/mount
expected behaviour is either a successful mount or complaints about the keyfile or credentials if klist is not successful

what we get instead is:
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

as a test, the same command swapping out sec=krb5 to sec=nltm results in:
Password for USER@//smbserver.fqdn/sharename:

which if you enter valid credentials works.... however, the intended use
is krb5 to use autofs to automount with sec=krb5,rw,multiuser to allow
root to mount and users to write with their own kerberos credentials.
this used to work in 12.04 with some effort (there were problems with
what uid owned the kerberos cache files) now it just fails without even
trying.  Even though the man page still lists krb5 as a valid option.

additionally, using sec=krb5i results in:
mount error(524): Unknown error 524
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cifs-utils 2:6.0-1ubuntu2
ProcVersionSignature: Ubuntu 4.2.0-38.45~14.04.1-generic 4.2.8-ckt10
Uname: Linux 4.2.0-38-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.21
Architecture: amd64
Date: Wed Jun 15 16:24:19 2016
InstallationDate: Installed on 2016-06-14 (1 days ago)
InstallationMedia: Ubuntu 14.04.4 LTS "Trusty Tahr" - Release amd64 (20160217.1)
ProcEnviron:
 LANGUAGE=en_US
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: cifs-utils
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: cifs-utils (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1592996

Title:
  attempting to use sec=krb5 causes mount.cifs to fail with error
  "invalid  argument" even though it is still listed in the man page as
  an option

Status in cifs-utils package in Ubuntu:
  New

Bug description:
  this bug is occurring currently with the following:
  Description:	Ubuntu 14.04.4 LTS
  Release:	14.04

  cifs-utils:
    Installed: 2:6.0-1ubuntu2
    Candidate: 2:6.0-1ubuntu2
    Version table:
   *** 2:6.0-1ubuntu2 0
          500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
          100 /var/lib/dpkg/status

  Process to test:

  install ubuntu 14.04.4 run updates, 
  install cifs-utils, 
  install and configure Kerberos (in this case via sssd configured to connect to active directory and adcli to join the domain and generate a system keytab file)

  kinit -k 
  mount -t cifs -o sec=krb5 //smbserver.fqdn/sharename /path/to/mount
  expected behaviour is either a successful mount or complaints about the keyfile or credentials if klist is not successful

  what we get instead is:
  mount error(22): Invalid argument
  Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

  as a test, the same command swapping out sec=krb5 to sec=nltm results in:
  Password for USER@//smbserver.fqdn/sharename:

  which if you enter valid credentials works.... however, the intended
  use is krb5 to use autofs to automount with sec=krb5,rw,multiuser to
  allow root to mount and users to write with their own kerberos
  credentials.  this used to work in 12.04 with some effort (there were
  problems with what uid owned the kerberos cache files) now it just
  fails without even trying.  Even though the man page still lists krb5
  as a valid option.

  additionally, using sec=krb5i results in:
  mount error(524): Unknown error 524
  Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: cifs-utils 2:6.0-1ubuntu2
  ProcVersionSignature: Ubuntu 4.2.0-38.45~14.04.1-generic 4.2.8-ckt10
  Uname: Linux 4.2.0-38-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.21
  Architecture: amd64
  Date: Wed Jun 15 16:24:19 2016
  InstallationDate: Installed on 2016-06-14 (1 days ago)
  InstallationMedia: Ubuntu 14.04.4 LTS "Trusty Tahr" - Release amd64 (20160217.1)
  ProcEnviron:
   LANGUAGE=en_US
   TERM=xterm
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: cifs-utils
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1592996/+subscriptions

More information about the foundations-bugs mailing list