samba - Feb 2004 - mount.cifs and kerberos

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sorry if this is a stupid question...:)
I have successfully mounted windows 2003 shares on linux using mount.cifs.  I
see
 from packet traces that smb signing is enabled and working (signing is
 set to mandatory on the win2k3 server). So I mount like this:

$ mount.cifs //server/share -o nosuid,user=admin
password:

I would like to eliminate the password dialog and use my kerberos ticket to
 authenticate mounting the share.  Is this possible, and if so, what would be
the
 command?

Thanks in advance,

Michael Brown
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFALAeuyEfMczxaHdsRAn02AJ9bk183AFR7hIlua+8ElaY/rnYrtwCaA7Qr
KTEtc7eDWPZQucL+p4fhv7w=RaMA
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 12 Feb 2004 15:09:34 -0800
Michael Brown <sambalist@mikro-net.com> wrote:
> Sorry if this is a stupid question...:)
And probably not one for this list, much apologies.

I found my answers in the linux 2.6.2 source fs/cifs/README:
<quote>
Enabling extended security works to Windows 2000 Workstations and XP but not to
 Windows 2000 server or Samba since it does not usually send "raw
NTLMSSP"
 (instead it sends NTLMSSP encapsulated in SPNEGO/GSSAPI, which support is not
 complete in the CIFS VFS yet).
</quote>
I tried to activate it anyway:
# echo 1 > /proc/fs/cifs/ExtendedSecurity
# mount.cifs //server/share /mnt
password: (I left it blank)
Segmentation fault.

At least smb signing and NTLMv2 works.
Oh well, I am sorry to waste the list's time, I hope this info is helpful to
someone.

Michael Brown


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFALBjyyEfMczxaHdsRAucPAJ9h5HnsyE8YfgwlAFavmGrDFK8t2wCcC0YL
HFNNeLI3sIYGNz9RwG+XXh8=ThOb
-----END PGP SIGNATURE-----