Web lists-archives.com

[Samba] mount cifs with sec=krb5




Hi,

I am trying to mount fileserver (samba, 10.20.30.16) shares on a linux domain member server, where I logged on via ssh using AD my credentials.

I am unable to get past the "mount error(126): Required key not available" error message. I have read and googled a lot, and could use some help.

See this:

domainuser@memberserver-45:~$ sudo tail -f /var/log/debug &
[1] 2178
domainuser@memberserver-45:~$ id -u
2028
domainuser@memberserver-45:~$ id -g
513
domainuser@memberserver-45:~$ klist
Ticket cache: FILE:/tmp/krb5cc_2028
Default principal: domainuser@xxxxxxxxxxxxxxxxx

Valid starting       Expires              Service principal
01/07/2019 17:01:12  01/08/2019 03:01:12  krbtgt/SAMBA.COMPANY.COM@xxxxxxxxxxxxxxxxx
        renew until 01/14/2019 17:01:12
01/07/2019 17:01:12  01/08/2019 03:01:12  MEMBERSERVER-45$@SAMBA.COMPANY.COM
domainuser@memberserver-45:~$ sudo mount -t cifs //sambaserver/domainuser /mnt -osec=krb5,cruid=2028,uid=2028,gid=513

Jan  7 17:11:36 memberserver-45 cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=sambaserver;ip4=10.20.30.16;sec=krb5;uid=0x3f6;creduid=0x3f6;user=root;pid=0x872
Jan  7 17:11:36 memberserver-45 cifs.upcall: ver=2
Jan  7 17:11:36 memberserver-45 cifs.upcall: host=sambaserver
Jan  7 17:11:36 memberserver-45 cifs.upcall: ip=10.20.30.16
Jan  7 17:11:36 memberserver-45 cifs.upcall: sec=1
Jan  7 17:11:36 memberserver-45 cifs.upcall: uid=2028
Jan  7 17:11:36 memberserver-45 cifs.upcall: creduid=2028
Jan  7 17:11:36 memberserver-45 cifs.upcall: user=root
Jan  7 17:11:36 memberserver-45 cifs.upcall: pid=2162
Jan  7 17:11:36 memberserver-45 cifs.upcall: get_cachename_from_process_env: pathname=/proc/2162/environ
Jan  7 17:11:36 memberserver-45 cifs.upcall: get_cachename_from_process_env: cachename = FILE:/tmp/krb5cc_2028
Jan  7 17:11:36 memberserver-45 cifs.upcall: get_existing_cc: default ccache is FILE:/tmp/krb5cc_2028
Jan  7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: getting service ticket for sambaserver
Jan  7 17:11:36 memberserver-45 cifs.upcall: cifs_krb5_get_req: unable to get credentials for sambaserver
Jan  7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Jan  7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: getting service ticket for sambaserver.company.com
Jan  7 17:11:36 memberserver-45 cifs.upcall: cifs_krb5_get_req: unable to get credentials for sambaserver.company.com
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Jan  7 17:11:36 memberserver-45 cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Jan  7 17:11:36 memberserver-45 cifs.upcall: Unable to obtain service ticket
Jan  7 17:11:36 memberserver-45 cifs.upcall: Exit status -1765328377
domainuser@memberserver-45:~$

This is on debian 9.6, and /etc/krb5.conf is as recommended on the samba wiki.

Suggestions would be very much appreciated. :-)

Best regards,
MJ


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba