Sorry for a rather 'uninformative' subject, but I've little or no clue on this.

I'm using at work 'pam_mount' with a rather standard configuration to mount via CIFS/SMB user's home directory, from a samba AD member server.
This configuration is a bit 'old' (mint sonya, AKA Ubuntu 16.04 as a client, so samba 4.3; debian and samba 4.8 as a server), but works perfectly, probably I suppose because I'm still using SMB1.

Now I'm trying to redo the same thing, but in a rather 'modern' setup: samba 4.10 or .11 as a server, ubuntu focal so samba 4.11 as a client.
But I'm not able to make it work. Client side I catch in log:

 Sep 5 12:38:10 pc1labinf17 kernel: [ 321.951616] FS-Cache: Loaded
 Sep 5 12:38:11 pc1labinf17 kernel: [ 321.968846] FS-Cache: Netfs 'cifs' registered for caching
 Sep 5 12:38:11 pc1labinf17 kernel: [ 321.968963] Key type cifs.spnego registered
 Sep 5 12:38:11 pc1labinf17 kernel: [ 321.968966] Key type cifs.idmap registered
 Sep 5 12:38:11 pc1labinf17 kernel: [ 321.971289] CIFS: Attempting to mount //fileserver.ad.domain.test/Users/studente3.diprova
 Sep 5 12:38:11 pc1labinf17 kernel: [ 321.971312] No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3 (or SMB2.1) specify vers=1.0 on mount.
 Sep 5 12:38:11 pc1labinf17 kernel: [ 322.015963] CIFS VFS: BAD_NETWORK_NAME: \\fileserver.ad.domain.test\Users
 Sep 5 12:38:11 pc1labinf17 kernel: [ 322.016188] CIFS VFS: \\fileserver.ad.domain.test\IPC$ ioctl error in smb2_get_dfs_refer rc=-22
 Sep 5 12:38:11 pc1labinf17 kernel: [ 322.016522] CIFS VFS: cifs_mount failed w/return code = -2

Clearly I've tried some vers= and sec= combinations, with no clue.

If I use pam_mkhome (e.g., I create the home instead of mounting it) clearly I can login (so PAM, NSS/Winbind and kerberos are set up correctly), and via nautilus I can mount the share, the system does not ask for the password (so I suppose they use kerberos).

Some hint on how to debug this? Thanks.

-- 
dott. Marco Gaiarin                                GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

        Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
    (tax code 00307430132, category ONLUS or RICERCA SANITARIA)

Hai Marco,

Is the UPN set for this server. CIFS/hostname.fqdn ?
Does its A and PTR match with the "real" hostname?

But I see : smb2_get_dfs_refer rc
Not commenting on this except... upgrade the servers.. ;-)

Try :
apt install keyutils
this might be missing and is needed for CIFS kerberos mounts

mount -t cifs -o user=USER,domain=DOMAIN,cruid=USER,sec=krb5,vers=3.0 //hostname.FQDN/share /mnt/tmp
mount -t cifs -o user=USER,domain=DOMAIN,cruid=USER,sec=krb5,vers=2.1 //hostname.FQDN/share /mnt/tmp
mount.cifs -o rw,user=user,pass=mypass,iocharset=utf8,sec=ntlm,vers=1.0 //hostname.FQDN /mnt/tmp

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Marco Gaiarin via samba
> Sent: Sunday 6 September 2020 22:23
> To: samba at lists.samba.org
> Subject: [Samba] pam_mount in 'newer samba'...
>
> Sorry for a rather 'uninformative' subject, but I've little or
> no clue on this.
>
> I'm using at work 'pam_mount' with a rather standard configuration
> to mount via CIFS/SMB user's home directory, from a samba AD member
> server.
> This configuration is a bit 'old' (mint sonya, AKA Ubuntu 16.04 as a
> client, so samba 4.3; debian and samba 4.8 as a server), but works
> perfectly, probably I suppose because I'm still using SMB1.
>
> Now I'm trying to redo the same thing, but in a rather 'modern' setup:
> samba 4.10 or .11 as a server, ubuntu focal so samba 4.11 as a client.
> But I'm not able to make it work.

Hello! L.P.H. van Belle via samba
  On that day it was said...

> Is the UPN set for this server. CIFS/hostname.fqdn ?

I verify.

> Does its A and PTR match with the "real" hostname?

In this... it seems that domain members (the server and the test client) do not get correctly registered in DNS; in the past I've had some 'transient' errors in DNS registration, but they got solved automatically.

I've also verified /etc/resolv.conf and /etc/hosts (fixing the latter a bit); in this, I'm a bit confused about netplan/systemd in buster. I'm using a rather plain /etc/network/interfaces, do I need to explicitly disable netplan and/or systemd network interface management?

> But I see : smb2_get_dfs_refer rc
> Not commenting on this except... upgrade the servers.. ;-)

?!

> Try :
> apt install keyutils this might be missing and is needed for CIFS kerberos mounts

OK, I'll retry and let you know. Thanks.

-- 
dott. Marco Gaiarin                                GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

        Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
    (tax code 00307430132, category ONLUS or RICERCA SANITARIA)
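
Added example, not part of any message in this thread: a small shell helper that classifies the three CIFS error lines from the kernel log in the first message and decodes their negative return codes into Linux errno names. The function names and hint texts are illustrative assumptions; the sample input is constructed from the log lines quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): classify the CIFS errors the kernel
# logs when a mount fails, and decode the negative return codes.

# Constructed sample input: the three error lines from the log in the thread.
SAMPLE_LOG='Sep 5 12:38:11 pc1labinf17 kernel: [ 322.015963] CIFS VFS: BAD_NETWORK_NAME: \\fileserver.ad.domain.test\Users
Sep 5 12:38:11 pc1labinf17 kernel: [ 322.016188] CIFS VFS: \\fileserver.ad.domain.test\IPC$ ioctl error in smb2_get_dfs_refer rc=-22
Sep 5 12:38:11 pc1labinf17 kernel: [ 322.016522] CIFS VFS: cifs_mount failed w/return code = -2'

# Linux errno values that commonly show up as negative rc on CIFS mounts.
errno_name() {
    case "$1" in
        -2)   printf 'ENOENT\n' ;;     # no such file or directory
        -13)  printf 'EACCES\n' ;;     # permission denied
        -22)  printf 'EINVAL\n' ;;     # invalid argument
        -112) printf 'EHOSTDOWN\n' ;;  # host is down
        -126) printf 'ENOKEY\n' ;;     # required key not available
        *)    printf 'errno%s\n' "$1" ;;
    esac
}

# Read kernel log lines on stdin; print "<finding> <detail> -- <next check>".
# printf is used instead of echo so backslashes in UNC paths stay literal.
triage_cifs_log() {
    while IFS= read -r line; do
        case "$line" in
            *"BAD_NETWORK_NAME: "*)
                # The server refused the tree connect: it has no such share.
                unc=${line##*BAD_NETWORK_NAME: }
                printf 'share-not-found %s -- %s\n' "$unc" \
                    'compare the share name with the output of smbclient -L' ;;
            *"smb2_get_dfs_refer rc="*)
                rc=${line##*rc=}
                printf 'dfs-referral-failed %s -- %s\n' "$(errno_name "$rc")" \
                    'logged after the refused tree connect; check that first' ;;
            *"cifs_mount failed w/return code = "*)
                rc=${line##*return code = }
                printf 'mount-failed %s -- %s\n' "$(errno_name "$rc")" \
                    'overall result handed back to mount.cifs / pam_mount' ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_LOG" | triage_cifs_log
```

On a live client the same function can be fed from the kernel log, for example `dmesg | triage_cifs_log`.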