[Bug 236830] Re: cifs does not support kerberos authentication

Theo Markettos theo at markettos.org.uk
Sun Oct 19 15:43:27 BST 2008


I can't make this work for me:

atm26@bigwig:~/hardy$ sudo mount.cifs //127.0.0.1/bigdisc /tmp/foo -ousername=atm26,sec=krb5,guest --verbose
parsing options: username=atm26,sec=krb5,guest

mount.cifs kernel mount options unc=//127.0.0.1\bigdisc,ip=127.0.0.1,ver=1,username=atm26,sec=krb5,guest 
mount error 5 = Input/output error
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)

with variations of hostnames/IP addresses to no effect (also used -o
ip=127.0.0.1 and the real NetBIOS name of the server in the UNC path).
Tried both krb5 and krb5i.  I'm doing this over an SSH tunnel: ports 139
and 445 forwarded to the same ports on the CIFS server (a NetApp F840)
and port 88 to the Windows AD Kerberos server.  The ports are open:

atm26@bigwig:~/hardy$ netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 localhost:netbios-ssn   *:*                     LISTEN     
tcp        0      0 localhost:kerberos      *:*                     LISTEN     
tcp        0      0 localhost:microsoft-ds  *:*                     LISTEN     
(tried IPv4-only as well).  If I close these connections I get 
mount error 111 = Connection refused
so it's not just a network connectivity thing.
I've also tried forwarding port 137 to the AD Kerberos server too with no change.

atm26@bigwig:~/hardy$ sudo klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: atm26@AD.CL.CAM.AC.UK
Valid starting     Expires            Service principal
10/19/08 13:49:34  10/19/08 23:49:39  krbtgt/AD.CL.CAM.AC.UK@AD.CL.CAM.AC.UK
        renew until 10/20/08 13:49:34
10/19/08 13:52:56  10/19/08 23:49:39  elmer$@AD.CL.CAM.AC.UK
        renew until 10/20/08 13:49:34
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

atm26@bigwig:~/hardy$ uname -a
Linux bigwig 2.6.24-21-generic #1 SMP Mon Aug 25 17:32:09 UTC 2008 i686 GNU/Linux


I've just upgraded from edgy to hardy via feisty and gutsy. I've installed smbfs/smbclient/samba-common/samba 3.0.28a-1ubuntu4.7 from hardy-proposed and added a line into /etc/request-key.conf as above (keyutils 1.2-4):
create  cifs.upcall     *       *               /usr/sbin/cifs.upcall %k %d

smbclient seems to work:
atm26@bigwig:~/hardy$ sudo smbclient -k -L 127.0.0.1
OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

        Sharename       Type      Comment
        ---------       ----      -------
        atm26           Disk      Home Directory
        IPC$            IPC       Remote IPC
        ETC$            Disk      Remote Administration
        homes-1         Disk      Home directories
        homes-2         Disk      Home directories
        homes-3         Disk      Home directories
[snip list of shares available on the server]
        grp-rb5         Disk      
        grp-rb6         Disk      
Receiving SMB: Server stopped responding
session request to 127.0.0.1 failed (Call returned zero bytes (EOF))
Receiving SMB: Server stopped responding
session request to 127 failed (Call returned zero bytes (EOF))
OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]

(the Server stopped responding bits are strange, but I can log in and
alter files fine with smbclient)

I'm not 100% convinced this is a Kerberos-related problem, but the same
mount worked just fine on SMBFS on edgy.

-- 
cifs does not support kerberos authentication
https://bugs.launchpad.net/bugs/236830