Chad William Seys
2017-Feb-08 22:29 UTC
[Samba] cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
Hello, On Debian 9 (stretch prerelease) I am able to mount with the following command with root using the following command: mount -t cifs //smb.physics.wisc.edu/smb /smb -osec=krb5,multiuser,username=smbadmin at PHYSICS.WISC.EDU --verbose root can also access files as expected However, when cifs-utils 6.6-5 is installed, a different user cannot access as expected: ls /smb ls: cannot access '/smb': Permission denied But when cifs-utils 6.4-1 is installed (from jessie) the different user can access as expect. AFAIK there are no other differences besides the cifs-utils version. The first difference in syslog is "kernel: [223018.425633] CIFS VFS: Send error in SessSetup = -126". I'll paste the working and non-working logs below. The "different user" mentioned above has UID 1494 which appears in the logs. Thanks for your time! C. WORKING: cifs-utils v 6.4-1 Feb 8 09:51:46 trog cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=smb.physics.wisc.edu;ip4=128.104.160.17;sec=krb5;uid0x0;creduid=0x0;user=smbadmin at PHYSICS.WISC.EDU;pid=0x6bd0 Feb 8 09:51:46 trog cifs.upcall: ver=2 Feb 8 09:51:46 trog cifs.upcall: host=smb.physics.wisc.edu Feb 8 09:51:46 trog cifs.upcall: ip=128.104.160.17 Feb 8 09:51:46 trog cifs.upcall: sec=1 Feb 8 09:51:46 trog cifs.upcall: uid=0 Feb 8 09:51:46 trog cifs.upcall: creduid=0 Feb 8 09:51:46 trog cifs.upcall: user=smbadmin at PHYSICS.WISC.EDU Feb 8 09:51:46 trog cifs.upcall: pid=27600 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: scandir error on directory '/run/user/0': No such file or directory Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_0 is valid ccache Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_1494_sM11PG Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: /tmp/krb5cc_1494_sM11PG is owned by 1494, not 0 Feb 8 09:51:46 trog cifs.upcall: handle_krb5_mech: getting service ticket for smb.physics.wisc.edu Feb 8 09:51:46 trog cifs.upcall: handle_krb5_mech: obtained service ticket Feb 8 09:51:46 trog cifs.upcall: Exit status 0 Feb 8 09:51:46 trog cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=smb.physics.wisc.edu;ip4=128.104.160.17;sec=krb5;uid=0x0;creduid=0x0;user=smbadmin at PHYSICS.WISC.EDU;pid=0x6bd0 Feb 8 09:51:46 trog cifs.upcall: ver=2 Feb 8 09:51:46 trog cifs.upcall: host=smb.physics.wisc.edu Feb 8 09:51:46 trog cifs.upcall: ip=128.104.160.17 Feb 8 09:51:46 trog cifs.upcall: sec=1 Feb 8 09:51:46 trog cifs.upcall: uid=0 Feb 8 09:51:46 trog cifs.upcall: creduid=0 Feb 8 09:51:46 trog cifs.upcall: user=smbadmin at PHYSICS.WISC.EDU Feb 8 09:51:46 trog cifs.upcall: pid=27600 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: scandir error on directory '/run/user/0': No such file or directory Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_0 is valid ccache Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_1494_sM11PG Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: /tmp/krb5cc_1494_sM11PG is owned by 1494, not 0 Feb 8 09:51:46 trog cifs.upcall: handle_krb5_mech: getting service ticket for smb.physics.wisc.edu Feb 8 09:51:46 trog cifs.upcall: handle_krb5_mech: obtained service ticket Feb 8 09:51:46 trog cifs.upcall: Exit status 0 Feb 8 09:51:46 trog cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=smb.physics.wisc.edu;ip4=128.104.160.17;sec=krb5;uid=0x5d6;creduid=0x5d6;pid=0x6725 Feb 8 09:51:46 trog cifs.upcall: ver=2 Feb 8 09:51:46 trog cifs.upcall: host=smb.physics.wisc.edu Feb 8 09:51:46 trog cifs.upcall: ip=128.104.160.17 Feb 8 09:51:46 trog cifs.upcall: sec=1 Feb 8 09:51:46 trog cifs.upcall: uid=1494 Feb 8 09:51:46 trog cifs.upcall: creduid=1494 Feb 8 09:51:46 trog cifs.upcall: pid=26405 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: /tmp/krb5cc_0 is owned by 0, not 1494 Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_1494_sM11PG Feb 8 09:51:46 trog cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_1494_sM11PG is valid ccache Feb 8 09:51:46 trog cifs.upcall: handle_krb5_mech: getting service ticket for smb.physics.wisc.edu Feb 8 09:51:46 trog cifs.upcall: handle_krb5_mech: obtained service ticket Feb 8 09:51:46 trog cifs.upcall: Exit status 0 NON-WORKING cifs-utils v 6.6-5 eb 8 09:48:14 trog cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=smb.physics.wisc.edu;ip4=128.104.160.17;sec=krb5;uid=0x0;creduid=0x0;user=smbadmin at PHYSICS.WISC.EDU;pid=0x67d2 Feb 8 09:48:14 trog cifs.upcall: ver=2 Feb 8 09:48:14 trog cifs.upcall: host=smb.physics.wisc.edu Feb 8 09:48:14 trog cifs.upcall: ip=128.104.160.17 Feb 8 09:48:14 trog cifs.upcall: sec=1 Feb 8 09:48:14 trog cifs.upcall: uid=0 Feb 8 09:48:14 trog cifs.upcall: creduid=0 Feb 8 09:48:14 trog cifs.upcall: user=smbadmin at PHYSICS.WISC.EDU Feb 8 09:48:14 trog cifs.upcall: pid=26578 Feb 8 09:48:14 trog cifs.upcall: get_tgt_time: unable to get principal Feb 8 09:48:14 trog cifs.upcall: handle_krb5_mech: getting service ticket for smb.physics.wisc.edu Feb 8 09:48:14 trog cifs.upcall: handle_krb5_mech: obtained service ticket Feb 8 09:48:14 trog cifs.upcall: Exit status 0 Feb 8 09:48:14 trog cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=smb.physics.wisc.edu;ip4=128.104.160.17;sec=krb5;uid=0x0;creduid=0x0;user=smbadmin at PHYSICS.WISC.EDU;pid=0x67d2 Feb 8 09:48:14 trog cifs.upcall: ver=2 Feb 8 09:48:14 trog cifs.upcall: host=smb.physics.wisc.edu Feb 8 09:48:14 trog cifs.upcall: ip=128.104.160.17 Feb 8 09:48:14 trog cifs.upcall: sec=1 Feb 8 09:48:14 trog cifs.upcall: uid=0 Feb 8 09:48:14 trog cifs.upcall: creduid=0 Feb 8 09:48:14 trog cifs.upcall: user=smbadmin at PHYSICS.WISC.EDU Feb 8 09:48:14 trog cifs.upcall: pid=26578 Feb 8 09:48:14 trog cifs.upcall: handle_krb5_mech: getting service ticket for smb.physics.wisc.edu Feb 8 09:48:14 trog cifs.upcall: handle_krb5_mech: obtained service ticket Feb 8 09:48:14 trog cifs.upcall: Exit status 0 Feb 8 09:48:14 trog cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=smb.physics.wisc.edu;ip4=128.104.160.17;sec=krb5;uid=0x5d6;creduid=0x5d6;pid=0x6725 Feb 8 09:48:14 trog cifs.upcall: ver=2 Feb 8 09:48:14 trog cifs.upcall: host=smb.physics.wisc.edu Feb 8 09:48:14 trog kernel: [223018.425633] CIFS VFS: Send error in SessSetup = -126 Feb 8 09:48:14 trog cifs.upcall: ip=128.104.160.17 Feb 8 09:48:14 trog cifs.upcall: sec=1 Feb 8 09:48:14 trog cifs.upcall: uid=1494 Feb 8 09:48:14 trog cifs.upcall: creduid=1494 Feb 8 09:48:14 trog cifs.upcall: pid=26405 Feb 8 09:48:14 trog cifs.upcall: get_tgt_time: unable to get principal Feb 8 09:48:14 trog cifs.upcall: Exit status 1
Aurélien Aptel
2017-Feb-09 13:15 UTC
[Samba] cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
Chad William Seys via samba <samba at lists.samba.org> writes:> But when cifs-utils 6.4-1 is installed (from jessie) the different > user can access as expect. AFAIK there are no other differences besides > the cifs-utils version.Not counting any distro-specific patches it seems cifs.upcall only had 5 commits affecting it between these 2 releases: $ git log --pretty=oneline cifs-utils-6.6...cifs-utils-6.4 cifs.upcall.c 7852bec cifs.upcall: stop passing around ccache name strings 39dbb7b cifs.upcall: make get_tgt_time take a ccache arg 3db6b3a cifs.upcall: remove KRB5_TC_OPENCLOSE a3743af cifs.upcall: make the krb5_context a static global variable 9be6e88 cifs.upcall: use krb5 routines to get default ccname It seems the way cached credentials are searched changed, which your logs show if you diff them: uid=0 creduid=0 user=smbadmin at PHYSICS.WISC.EDU -pid=27600 -find_krb5_cc: scandir error on directory '/run/user/0': No such file or directory -find_krb5_cc: considering /tmp/krb5cc_0 -find_krb5_cc: FILE:/tmp/krb5cc_0 is valid ccache -find_krb5_cc: considering /tmp/krb5cc_1494_sM11PG -find_krb5_cc: /tmp/krb5cc_1494_sM11PG is owned by 1494, not 0 +pid=26578 +get_tgt_time: unable to get principal handle_krb5_mech: getting service ticket for smb.physics.wisc.edu handle_krb5_mech: obtained service ticket Exit status 0 That "get_tgt_time: unable to get principal" message looks like it could be related to "39dbb7b cifs.upcall: make get_tgt_time take a ccache arg". Since you can easily reproduce the problem, if I were you I would try to find the bad commits between those 5. -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Chad William Seys
2017-Feb-09 19:23 UTC
[Samba] cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
Hi Aurélien, Thanks for the idea! For Debian packages: 6.4-1 works 6.5-1 works 6.5-2 works 6.6-1 fails 6.6-5 fails So looks like something changed from 6.5 to 6.6... When I have time I'll figure out how to compile the upcall binary.
Possibly Parallel Threads
- cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
- Samba4 Does cifs need a keytab for the multiuser option?
- cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'
- samba3 file-server crash for Samba4 DC
- cifs-utils: regression in (mulituser?) mounting 'CIFS VFS: Send error in SessSetup = -126'