search for: upcalls

Hello, On Debian 9 (stretch prerelease) I am able to mount with the following command with root using the following command: mount -t cifs //smb.physics.wisc.edu/smb /smb -osec=krb5,multiuser,username=smbadmin at PHYSICS.WISC.EDU --verbose root can also access files as expected However, when cifs-utils 6.6-5 is installed, a different user cannot access as expected: ls /smb ls: cannot

Hi samba --version Version 4.0.6-GIT-4bebda4 smb.conf: [users] path = /home/users read only = No Working on the DC which is also the fileserver user steve2 can write to his folder at /home/users/steve2 But if we now mount the share: sudo mount -t cifs //doloresdc/users /mnt -osec=krb5,multiuser he can't write to the mounted share at /mnt/users/steve2 He gets 'Permission denied'.

Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop

Hi, I am trying to mount fileserver (samba, 10.20.30.16) shares on a linux domain member server, where I logged on via ssh using AD my credentials. I am unable to get past the "mount error(126): Required key not available" error message. I have read and googled a lot, and could use some help. See this: > domainuser at memberserver-45:~$ sudo tail -f /var/log/debug & >

Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert

Hi list, I joined a workstation (Debian 10, Samba from distribution) to our AD domain (Windows 2012 Server). The domain ends by ".local" (yes I know, not my fault). However, after a domain user logged to the machine, I can't mount a share that exists on the AD server using user's kerberos ticket: it fails with error "Required key not available". Mounting using

Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of

Chad reported that he was seeing a regression in cifs-utils-6.6. Prior to that, cifs.upcall was able to find credcaches in non-default FILE: locations, but with the rework of that code, that ability was lost. Unfortunately, the krb5 library design doesn't really take into account the fact that we might need to find a credcache in a process that isn't descended from the session. When the

Hi @all, I have some problems when using pam_mount.conf.xml to mount shares via kerberos (and also for ntlm) regarding reliability of the mount. I have tested the issue with 2 different environments. My environments are: 2 Microsoft Domain Controllers + a separate fileserver and Ubuntu 18.04 or 22.04 as clients. My other tested environment is one Microsoft Server 2019 (as domain controller and

On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote: > Hi Jeff, > > > So we have a default credcache for the user for whom we are operating > > as, but we can't get the default principal name from it. My guess is > > that it's not finding the > > This mount is run by root UID=0 and seems to be find that credential > cache without problem (earlier

Hello, Trying to compile Samba 3.2.15 on a RHEL AS 4u2 (i686) and I'm getting the following result from 'sh makerpms.sh': > Provides: samba-doc = 3.2.15-1 > Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1 > > > RPM build errors: > File not found:

Currently, we leave the group ID alone, but now that we're looking at KRB5CCNAME, we need to be a little more careful with credentials. After we get the uid, do a getpwuid and grab the default gid for the user. Then use setgid to set it before calling setuid. Signed-off-by: Jeff Layton <jlayton at samba.org> --- cifs.upcall.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed,

On Thu, 25 Jan 2024 18:45:52 -0800 Peter Carlson via samba <samba at lists.samba.org> wrote: > I am getting a permission denied when trying to ls as a domain user a > samba mount with windows ACLs (sigh I thought I had this figured > out). I tried to include self descriptive server names and include > them in the info below (fs1: file server, nc: addc, u2gui: ubuntu >

Hai Mourik-Jan, Beste wensen he ;-) Lets start here.. A and PTR record exists for both servers? Does CIFS/spn and root/spn exist in the AD? In krb5.conf, set these : ; not used for nfs4 but cifs might need it. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac

After re-join kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k samba-tool delegation for-any-service COMPUTERNAME$ on ( or use : delegation add-service accountname principal [options] ) Reboot Should work now. ;-) Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Yvan

On Mon, 2017-02-13 at 05:02 -0500, Simo Sorce wrote: > On Sat, 2017-02-11 at 10:16 -0500, Jeff Layton wrote: > > On Sat, 2017-02-11 at 08:41 -0500, Jeff Layton wrote: > > > Chad reported that he was seeing a regression in cifs-utils-6.6. > > > Prior > > > to that, cifs.upcall was able to find credcaches in non-default > > > FILE: > > >

On 1/26/24 02:35, Rowland Penny via samba wrote: > On Thu, 25 Jan 2024 18:45:52 -0800 Peter Carlson via samba > <samba at lists.samba.org> wrote: >> The share mounts and I am a member of the correct groups >> CARLSON\peter at u2gui:~$ cat /etc/fstab //fs.carlson.lab/test /mnt/test >> cifs credentials=/root/smbcreds,multiuser,sec=ntlmssp,_netdev 0 0 > I think

Did you "deleated the computer object" to allow kerberos services. And did you add the CIFS/spn to the computer and keytab ? https://wiki.samba.org/index.php/Generating_Keytabs If its a member, which i assume. kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k Add these and it should work. You might need to restart or reboot., sometimes

On Thu, 2017-02-09 at 14:45 -0600, Chad William Seys wrote: > Hi Jeff, > Could you look at the following mailing list posting? > > https://lists.samba.org/archive/samba/2017-February/206468.html > > It looks like cifs.upcall has changed its behavior. As described in > that post, I can mount with root / kerberos, but then cannot access with > another user who has

Thanks for your help! Le 09/03/2020 ? 15:39, L.P.H. van Belle via samba a ?crit?: > Did you "deleated the computer object" to allow kerberos services. > And did you add the CIFS/spn to the computer and keytab ? > I am sorry, I don't really understand the above: mount requires a keytab AND a user ticket? > https://wiki.samba.org/index.php/Generating_Keytabs > >