On 1/26/24 09:34, Peter Carlson via samba wrote:
> On 1/26/24 02:35, Rowland Penny via samba wrote:
>> On Thu, 25 Jan 2024 18:45:52 -0800 Peter Carlson via samba
>> <samba at lists.samba.org> wrote:
>>> The share mounts and I am a member of the correct groups
>>> CARLSON\peter@u2gui:~$ cat /etc/fstab
>>> //fs.carlson.lab/test /mnt/test cifs credentials=/root/smbcreds,multiuser,sec=ntlmssp,_netdev 0 0
>> I think that could be part of your problem, even though you are using
>> 'multiuser', you are mounting as root. Try reading 'man mount.cifs'
>> and pay particular attention to 'sec=krb5' and 'multiuser', that way
>> you will not require a password.
>> Rowland
> ok I am a bit confused on mounting using service tickets and krb5. I
> created the ticket on the client linux machine:
>
>    root@u2gui:~# kinit -k U2GUI$
>    root@u2gui:~# klist
>    Ticket cache: FILE:/tmp/krb5cc_0
>    Default principal: U2GUI$@CARLSON.LAB
>
>    Valid starting       Expires              Service principal
>    01/26/2024 09:13:19  01/26/2024 19:13:19  krbtgt/CARLSON.LAB@CARLSON.LAB
>            renew until 01/27/2024 09:13:18
>
> and the fstab:
>
>    //fs.carlson.lab/test /mnt/test cifs vers=3.0,multiuser,sec=krb5,_netdev 0 0
>
ok, I did figure out the required key not available, but now it's
permission denied

root@u2gui:~# mount -a
mount error(13): Permission denied

The logs seem to indicate that it is trying to connect as user u2gui. I
thought it mounted with a service account?

[2024/01/26 20:19:59.402444,  3] ../../source3/auth/auth_generic.c:173(auth3_generate_session_info_pac)
  Kerberos ticket principal name is [U2GUI$@CARLSON.LAB]
[2024/01/26 20:19:59.404439,  3] ../../source3/param/loadparm.c:3998(lp_load_ex)
  lp_load_ex: refreshing parameters
[2024/01/26 20:19:59.404550,  3] ../../source3/param/loadparm.c:560(init_globals)
  Initialising global parameters
[2024/01/26 20:19:59.404675,  3] ../../source3/param/loadparm.c:2900(lp_do_section)
  Processing section "[global]"
[2024/01/26 20:19:59.404926,  2] ../../source3/param/loadparm.c:2917(lp_do_section)
  Processing section "[Test]"
[2024/01/26 20:19:59.404992,  3] ../../source3/param/loadparm.c:1684(lp_add_ipc)
  adding IPC service
[2024/01/26 20:19:59.405125,  3] ../../source3/smbd/password.c:84(register_homes_share)
  Adding homes service for user 'CARLSON\u2gui$' using home directory: '/home/u2gui_@CARLSON'
[2024/01/26 20:19:59.405903,  3] ../../lib/util/access.c:372(allow_access)
  Allowed connection from 192.168.1.54 (192.168.1.54)
[2024/01/26 20:19:59.405993,  3] ../../source3/smbd/smb2_service.c:584(make_connection_snum)
  make_connection_snum: Connect path is '/tmp' for service [IPC$]
[2024/01/26 20:19:59.406045,  3] ../../source3/smbd/vfs.c:115(vfs_init_default)
  Initialising default vfs hooks
[2024/01/26 20:19:59.406058,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2024/01/26 20:19:59.406066,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2024/01/26 20:19:59.407376,  3] ../../lib/util/modules.c:167(load_module_absolute_path)
  load_module_absolute_path: Module '/usr/lib/x86_64-linux-gnu/samba/vfs/acl_xattr.so' loaded
[2024/01/26 20:19:59.407438,  2] ../../source3/modules/vfs_acl_xattr.c:206(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service IPC$
[2024/01/26 20:19:59.407562,  3] ../../source3/smbd/smb2_service.c:814(make_connection_snum)
  192.168.1.54 (ipv4:192.168.1.54:57442) signed connect to service IPC$ initially as user CARLSON\u2gui$ (uid=2001115, gid=2000515) (pid 42056)
[2024/01/26 20:19:59.408091,  3] ../../lib/util/access.c:372(allow_access)
  Allowed connection from 192.168.1.54 (192.168.1.54)
[2024/01/26 20:19:59.408163,  3] ../../source3/smbd/smb2_service.c:584(make_connection_snum)
  make_connection_snum: Connect path is '/data/test' for service [Test]
[2024/01/26 20:19:59.408185,  3] ../../source3/smbd/vfs.c:115(vfs_init_default)
  Initialising default vfs hooks
[2024/01/26 20:19:59.408194,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
  Initialising custom vfs hooks from [/[Default VFS]/]
[2024/01/26 20:19:59.408201,  3] ../../source3/smbd/vfs.c:141(vfs_init_custom)
  Initialising custom vfs hooks from [acl_xattr]
[2024/01/26 20:19:59.408212,  2] ../../source3/modules/vfs_acl_xattr.c:206(connect_acl_xattr)
  connect_acl_xattr: setting 'inherit acls = true' 'dos filemode = true' and 'force unknown acl user = true' for service Test
[2024/01/26 20:19:59.408321,  2] ../../source3/smbd/smb2_service.c:814(make_connection_snum)
  192.168.1.54 (ipv4:192.168.1.54:57442) signed connect to service Test initially as user CARLSON\u2gui$ (uid=2001115, gid=2000515) (pid 42056)
[2024/01/26 20:19:59.408773,  0] ../../source3/smbd/smb2_service.c:117(chdir_current_service)
  chdir_current_service: vfs_ChDir(/data/test) failed: Permission denied. Current token: uid=2001115, gid=2000515, 5 groups: 2001115 2000515 10003 10004 10006
[2024/01/26 20:19:59.408817,  3] ../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/26 20:19:59.409054,  3] ../../source3/smbd/msdfs.c:984(get_referred_path)
  get_referred_path: |test| in dfs path \fs1.carlson.lab\test is not a dfs root.
[2024/01/26 20:19:59.409083,  3] ../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../../source3/smbd/smb2_ioctl.c:353
[2024/01/26 20:19:59.409380,  0] ../../source3/smbd/smb2_service.c:117(chdir_current_service)
  chdir_current_service: vfs_ChDir(/data/test) failed: Permission denied. Current token: uid=2001115, gid=2000515, 5 groups: 2001115 2000515 10003 10004 10006
[2024/01/26 20:19:59.409436,  3] ../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/26 20:19:59.409825,  0] ../../source3/smbd/smb2_service.c:117(chdir_current_service)
  chdir_current_service: vfs_ChDir(/data/test) failed: Permission denied. Current token: uid=2001115, gid=2000515, 5 groups: 2001115 2000515 10003 10004 10006
[2024/01/26 20:19:59.409882,  3] ../../source3/smbd/smb2_server.c:4031(smbd_smb2_request_error_ex)
  smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../../source3/smbd/smb2_server.c:3322
[2024/01/26 20:19:59.410197,  3] ../../source3/smbd/smb2_service.c:907(close_cnum)
  192.168.1.54 (ipv4:192.168.1.54:57442) closed connection to service IPC$
[2024/01/26 20:19:59.410303,  2] ../../source3/smbd/smb2_service.c:907(close_cnum)
  192.168.1.54 (ipv4:192.168.1.54:57442) closed connection to service Test
[2024/01/26 20:19:59.546220,  3] ../../source3/smbd/server_exit.c:229(exit_server_common)
  Server exit (NT_STATUS_END_OF_FILE)
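
Added example (not part of the original post, and not Samba project code): a short Python parser for smbd log records in the format quoted above. It ties each chdir_current_service failure to the Kerberos principal and mapped account whose token the server checked. The sample log is constructed from lines in the post; the function names and the single-session assumption are this example's own.

```python
import re

HEADER = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+,\s+\d+\]", re.M)
PRINCIPAL = re.compile(r"Kerberos ticket principal name is \[([^\]]+)\]")
CONNECT = re.compile(r"initially as user (\S+) \(uid=(\d+),")
CHDIR = re.compile(r"vfs_ChDir\((.+?)\) failed: (.+?)\. Current token: "
                   r"uid=(\d+), gid=\d+, \d+ groups: ([\d ]+)")

# Constructed sample: records in the smbd format shown in the post, one of
# them hard-wrapped the way a mail archive wraps long lines.
SAMPLE_LOG = r"""
[2024/01/26 20:19:59.402444,  3] ../../source3/auth/auth_generic.c:173(auth3_generate_session_info_pac)
  Kerberos ticket principal name is [U2GUI$@CARLSON.LAB]
[2024/01/26 20:19:59.408321,  2] ../../source3/smbd/smb2_service.c:814(make_connection_snum)
  192.168.1.54 (ipv4:192.168.1.54:57442) signed connect to service Test initially as user CARLSON\u2gui$ (uid=2001115, gid=2000515) (pid 42056)
[2024/01/26 20:19:59.408773,  0] ../../source3/smbd/smb2_service.c:117(chdir_current_service)
  chdir_current_service: vfs_ChDir(/data/test) failed: Permission
denied. Current token: uid=2001115, gid=2000515, 5 groups: 2001115
2000515 10003 10004 10006
[2024/01/26 20:19:59.409380,  0] ../../source3/smbd/smb2_service.c:117(chdir_current_service)
  chdir_current_service: vfs_ChDir(/data/test) failed: Permission denied. Current token: uid=2001115, gid=2000515, 5 groups: 2001115 2000515 10003 10004 10006
"""


def records(text):
    """Return one message string per log record, joining wrapped lines."""
    chunks = HEADER.split(text)[1:]  # drop anything before the first header
    return [" ".join(chunk.split()) for chunk in chunks]


def denied_identities(text):
    """Tie each failed share chdir to the identity smbd was acting as.
    Assumes the log covers a single client session (assumption of this example)."""
    principal, accounts, hits = None, {}, {}
    for msg in records(text):
        if m := PRINCIPAL.search(msg):
            principal = m.group(1)
        elif m := CONNECT.search(msg):
            accounts[int(m.group(2))] = m.group(1)
        elif m := CHDIR.search(msg):
            path, error, uid = m.group(1), m.group(2), int(m.group(3))
            hit = hits.setdefault((path, uid), {
                "path": path, "error": error, "principal": principal,
                "account": accounts.get(uid), "uid": uid,
                "groups": [int(g) for g in m.group(4).split()], "count": 0})
            hit["count"] += 1
    return list(hits.values())
```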