[Bug 1772148] Re: Mount.cifs does not work without keyutils being installed

krbvroc1 1772148 at bugs.launchpad.net
Sat Sep 26 16:28:01 UTC 2020 

I just spent days troubleshooting mount.cifs not working and ultimately
determined it was due to this bug. I could mount okay, but no id/group
mapping to the proper users would take place. All files were owned by
the mounter or the uid/gid passed to the mount command. For 'cifsacl'
option, this is not how it is supposed to work.

I started with an sssd setup which didn't work and then tried straight
samba/winbind which equally didn't work.

I use mount.cifs with the 'cifsacl' option. 'cifsacl' will use winbind
to perform the mapping. In the Linux kernel, cifsacl.c calls functions
such as 'sid_to_id' which in turn issues a 'request_key' call.

So the cifs-utils package installs
/etc/request-key.d/cifs.idmap.conf
/etc/request-key.d/cifs.spnego.conf

However the package only has a 'suggestion' of the keyutils package.
Without installing keyutils which creates the /etc/request-key.conf file
AND installs the /sbin/request-key binary,  the 'cifsacl' option doesn't
work / perform the winbind mapping as it should. cifs-utils installed
the cifs.idmap.conf which requires the /sbin/request-key binary be
installed to invoke the cifs.idmap userspace helper.

If this cifs-utils does not change the keyutils to a required
dependency, then I think there at least needs to be some serious
logging/warning when a mount with cifsacl option is done to warn the
user that cifs.idmap is not going to work / be invoked.

One I installed the keyutils package, then everything worked as I
expected (and had been working on a different distro).

After enabling debugging of the cifs module, I had seen the following
messages when keyutils was not installed when accessing the mounted fs
(with cifsacl):

kernel: fs/cifs/smb2ops.c: get_smb2_acl_by_path: rc = 0 ACL len 176
kernel: fs/cifs/cifsacl.c: sid_to_id: Can't map SID os:S-1-5-21-xxx-1115 to a uid
kernel: fs/cifs/cifsacl.c: sid_to_id: Can't map SID gs:S-1-5-21-xxx-513 to a gid
kernel: fs/cifs/inode.c: looking for uniqueid=3276811 

Those debug level messages were not very helpful in indicating the
request-key was failing rather than a samba/winbind issue.

This was on a new Ubuntu 20.04 LTS install.

Some comments above indicated an 'it works for me'. However those
scenarios did not include the 'cifsacl' option, so the use of the
cifs.idmap upcall was not exercised.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cifs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1772148

Title:
  Mount.cifs does not work without keyutils being installed

Status in cifs-utils package in Ubuntu:
  Confirmed

Bug description:
  In 17.10 you could mount a cifs network-drive via

  > sudo mount -t cifs  //xx.yy.zz/abc t -o
  vers=1.0,username=xxxxxx,sec=ntlm,uid=1000,gid=1000,iocharset=utf8,domain=DD

  having cifs-utils (and smbclient) installed manually.

  But in 18.04 (both with SMB1 and moving til SMB3) it does not work
  until keyutils has been installed.

  The only error I see, when the cifs mount is not working, is a -2
  error ("mount error(2): No such file or directory"  or  "CIFS VFS:
  cifs_mount failed w/return code = -2"):

  mbmount> sudo mount -t cifs //xx.yy.zz/abc t --verbose -o vers=3,username=xxxxxx,sec=ntlmv2,uid=1000,gid=1000,iocharset=utf8,domain=DD,nounix
  Password for xxxxx:  ********
  mount error(2): No such file or directory
  Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

  Smbmount> dmesg | tail
  [   89.915840] [UFW BLOCK] IN=wlp4s0 OUT= MAC=28:16:ad:18:e7:87:00:18:4d:4f:f5:1c:08:00 SRC=10.88.128.13 DST=192.168.1.3 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=17677 PROTO=TCP SPT=445 DPT=55514 WINDOW=0 RES=0x00 RST URGP=0 
  [   89.916307] [UFW BLOCK] IN=wlp4s0 OUT= MAC=28:16:ad:18:e7:87:00:18:4d:4f:f5:1c:08:00 SRC=10.88.4.188 DST=192.168.1.3 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=5527 PROTO=TCP SPT=445 DPT=52714 WINDOW=0 RES=0x00 RST URGP=0 
  [  362.580011] FS-Cache: Loaded
  [  362.592410] FS-Cache: Netfs 'cifs' registered for caching
  [  362.592495] Key type cifs.spnego registered
  [  362.592498] Key type cifs.idmap registered
  [  362.752492] CIFS VFS: BAD_NETWORK_NAME: \\xx.yy.zz\abc
  [  362.787329] CIFS VFS: cifs_mount failed w/return code = -2
  [  381.832633] CIFS VFS: BAD_NETWORK_NAME: \\xx.yy.zz\abc
  [  381.870721] CIFS VFS: cifs_mount failed w/return code = -2

  > apt install keyutils
  ...

  Smbmount> sudo mount -t cifs //xx.yy.zz/abc t --verbose -o
  vers=3,username=xxxxxx,sec=ntlmv2,uid=1000,gid=1000,iocharset=utf8,domain=DD,nounix

  >MOUNT OK HERE>

  Smbmount> dmesg  | tail
  [   89.916307] [UFW BLOCK] IN=wlp4s0 OUT= MAC=28:16:ad:18:e7:87:00:18:4d:4f:f5:1c:08:00 SRC=10.88.4.188 DST=192.168.1.3 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=5527 PROTO=TCP SPT=445 DPT=52714 WINDOW=0 RES=0x00 RST URGP=0 
  [  362.580011] FS-Cache: Loaded
  [  362.592410] FS-Cache: Netfs 'cifs' registered for caching
  [  362.592495] Key type cifs.spnego registered
  [  362.592498] Key type cifs.idmap registered
  [  362.752492] CIFS VFS: BAD_NETWORK_NAME: \\xx.yy.zz\abc
  [  362.787329] CIFS VFS: cifs_mount failed w/return code = -2
  [  381.832633] CIFS VFS: BAD_NETWORK_NAME: \\xx.yy.zz\abc
  [  381.870721] CIFS VFS: cifs_mount failed w/return code = -2
  [  432.322763] CIFS VFS: BAD_NETWORK_NAME: \\xx.yy.zz\abc

  Keyutils were not manually installed in my 17.10 system. And I am
  aware of the change in default SMB versions from kernel 4.13.5 and on
  (cause me to insert the vers=1.0 in the mount options):

  From man mount.cifs:
   "The  default since v4.13.5 is for the client and server to negotiate the highest possible
   version greater than or equal to 2.1. In kernels prior to
   v4.13, the default was 1.0. For kernels between v4.13 and v4.13.5 the default is 3.0."

  And there are no fundamental change in the packages for cifs-utils, as
  I can see (both suggests to use keyutils!).

  My 17.10:
  Package: cifs-utils
  Status: install ok installed
  Priority: optional
  Section: otherosfs
  Installed-Size: 229
  Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Architecture: amd64
  Version: 2:6.7-1
  Replaces: smbfs (<< 2:4.0~rc1-1)
  Depends: samba-common, libc6 (>= 2.17), libcap-ng0, libkeyutils1 (>= 1.4), libkrb5-3 (>= 1.13~alpha1+dfsg), libpam0g (>= 0.99.7.1), libtalloc2 (>= 2.0.4~git20101213), libwbclient0 (>= 2:4.0.3+dfsg1)
  Suggests: keyutils, smbclient, winbind
  Conffiles:
   /etc/request-key.d/cifs.idmap.conf 4c95734a68b45b65a5dc7b108836427b
   /etc/request-key.d/cifs.spnego.conf db5289bad3063aea58e1814380259a28
  Description: Common Internet File System utilities
   The SMB/CIFS protocol provides support for cross-platform file sharing with
   Microsoft Windows, OS X, and other Unix systems.
   .
   This package provides utilities for managing mounts of CIFS network
   file systems.
  Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
  Homepage: http://www.samba.org/~jlayton/cifs-utils/ 

  My 18.04:
  Package: cifs-utils
  Status: install ok installed
  Priority: optional
  Section: otherosfs
  Installed-Size: 226
  Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
  Architecture: amd64
  Version: 2:6.8-1
  Replaces: smbfs (<< 2:4.0~rc1-1)
  Depends: samba-common, libc6 (>= 2.17), libcap-ng0, libkeyutils1 (>= 1.4), libkrb5-3 (>= 1.13~alpha1+dfsg), libpam0g (>= 0.99.7.1), libtalloc2 (>= 2.0.4~git20101213), libwbclient0 (>= 2:4.0.3+dfsg1)
  Suggests: keyutils, smbclient, winbind
  Conffiles:
   /etc/request-key.d/cifs.idmap.conf 4c95734a68b45b65a5dc7b108836427b
   /etc/request-key.d/cifs.spnego.conf db5289bad3063aea58e1814380259a28
  Description: Common Internet File System utilities
   The SMB/CIFS protocol provides support for cross-platform file sharing with
   Microsoft Windows, OS X, and other Unix systems.
   .
   This package provides utilities for managing mounts of CIFS network
   file systems.
  Original-Maintainer: Debian Samba Maintainers <pkg-samba-maint at lists.alioth.debian.org>
  Homepage: http://www.samba.org/~jlayton/cifs-utils/

  
  My system info:

  My old linux, 17.10 box:
  	mount.cifs version: 6.7
  	Linux cef-leno 4.13.0-39-generic #44-Ubuntu SMP Thu Apr 5 14:25:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

  My new linux: 18:04 box:
  	mount.cifs version: 6.8

  	Distributor ID:	Ubuntu
  	Description:	Ubuntu 18.04 LTS
  	Release:	18.04
  	Codename:	bionic

          Linux xxxxxx 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24
  06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cifs-utils/+bug/1772148/+subscriptions

More information about the foundations-bugs mailing list