similar to: mount.cifs with kerberos

Hi, when I try to mount a windows share with a valide kerberos ticket : mount.cifs //auberge.iut.lan/install_autocad /mnt/test/ -o user='IUT\Administrateur',password=toto,sec=krb5i I get this error : Jun 2 12:32:51 brice-deb kernel: fs/cifs/cifs_spnego.c: key description = ver=0x1;host=auberge.iut.lan;ip4=10.31.0.12;sec=krb5;uid=0x0 Jun 2 12:32:51 brice-deb cifs.spnego:

Hi guys, This seems to be a well-known problem with mount.cifs on Ubuntu 12.04. Unfortunately, although I have applied the suggestions I found with google, I can't seem to be able to get mount.cifs to work with kerberos. I am trying to use kerberos to mount my Windows shares because this is the only allowed secure way in my company to connect to shares. Before anyone asks, I can successfully

Hai, I'm getting somewhere, here you go, a snap of what i have atm. And what works atm. Im asuming you have winbind already running. Obligated is A+PTR record in the DNS. You can turn or the rdns check in krb5.conf but i did not test that. # Tested on Debian Stretch - NFSv4 SERVER apt-get install --auto-remove nfs-kernel-server systemctl stop nfs-* Added in krb5.conf below the

Hi, I have a Debian Stretch computer which is a "samba4 member server" of an Samba4 AD domain (versions etc. are mentioned at the end of the message). I think my config is OK and I can open a _graphical_ session with an AD account user. The display manager of the computer is Lightdm. For for instance, I can open a graphical session with the AD account bob (uid == 14001). In this case, I

Hi, Is mount.cifs with sec-krb5 or krb5i work with samna 3.2 and cifs.spnego upcall ? Regards, Brice Rouanet. **************************************** Brice Rouanet Technicien informatique D?partement Genie Chimique Centre de Ressources Informatiques **************************************** Tel : 05.62.25.89.97 Tel : 05.62.25.89.19

Hai, Hmm.. Bummer.. I just discovered the debian package dont have the vfs_nfs4acl include in the build. And because of that it's not in my packages. I'll have a look into it, see what i can make of it. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > L.P.H. van Belle via samba > Verzonden: dinsdag 9

I'm trying to set up a CIFS mount to a NetApp F840 called 'elmer' over an SSH tunnel. I also tunnel the Kerberos ports to the Windows AD server 'cannonstreet' Using Ubuntu hardy, with recent updates for CIFS that are claimed to work: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/236830 I tunnel like this: ssh -f -N -x -o TCPKeepAlive=yes -L88:cannonstreet:88

Hi, I need to run a Samba CIFS proxy (not DFS) in an AD environment. What we tried so far is mounting the remote share with mount.cifs and "-o sec=krb5i,multiuser" and share it through samba. But mount.cifs's multiuser option requires local access to the domain user's kerberos tickets, i.e, if I login as a domain user and run kinit to get a ticket, everything works. If the

mount -t cifs works to an Active Directory SBS2003, but I cannot open any files even though I can write files and change directory. smbclient -k works fine and opens files and I have done the net ads join and kinit. How do I get mount -t cifs to use the kerberos ticket created by kinit? I have tried -0 sec=krb5 and krb5i Are there any error logs to look at? Any help would be great. Thanks

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

Hi all, I am testing different setups for Samba home share mounts via the CIFS protocol on Linux clients with and without Keberos security (both krb5 and krb5i). I am experiencing some strange behaviour in case of Kerberos authentication: In case of mounts (by root or the user itself) without Kerberos security (only NTLMv2 authentication), local root and the owning user on the Linux client

Does it work if you test like this. kinit testuser at EXAMPLE.COM mount -t cifs -o sec=krb5 //server.example.com/export /mnt/cifs Have a look here : https://runops.wordpress.com/2015/03/05/setup-linux-cifs-autofs-automount-using-kerberos-authentication/ I cant tell much about automount, i use it but through systemd for my nfsv4 mounts. Greetz, Louis > -----Oorspronkelijk

Hi Marco, You will hit muliple problems, most can be solved. Im installing a new member here with samba 4.8.5 and building new samba 4.8.6 atm. ;-). Im (trying to ) fix this also again in this new setup. Below it a bit of what i know. > Client are in DHCP, so it is hard to use 'normal' NFSv3 mount, eg > security by IP. If they register ( or are registered) in the dns correctly

Hello fellow Samba folks, I am attempting to mount a cifs share on a RHEL 5 box using mount.cifs. The server is another RHEL 5 box. Both boxes are joined to the same Kerberos realm (AD). I kinit to get my Kerberos tickets. This is the mount command I'm using: mount.cifs //rhel5.server.iastate.edu/benvon ./mnt -o user=benvon,sec=krb5 This results in a password prompt, then a

Hi @all, I have some problems when using pam_mount.conf.xml to mount shares via kerberos (and also for ntlm) regarding reliability of the mount. I have tested the issue with 2 different environments. My environments are: 2 Microsoft Domain Controllers + a separate fileserver and Ubuntu 18.04 or 22.04 as clients. My other tested environment is one Microsoft Server 2019 (as domain controller and

Has anyone got FC5 to mount to an SBS2003 server? kinit .. Works net ads join ...works mount -t cifs does the mount, but files cannot be read. I can cd to any directory, even create files, but cannot read any file, just get access denied. smbclient -k..works and reads files ok. I've tried krb5, krb5i as options to mount, but still no joy. Has anyone seen this problem? Thanks Mark

Hai Marco, > -----Oorspronkelijk bericht----- > Van: Marco Gaiarin [mailto:gaio at sv.lnf.it] > Verzonden: donderdag 11 oktober 2018 14:15 > Aan: L.P.H. van Belle > Onderwerp: Re: [Samba] NFSv4, homes, Kerberos... > > Mandi! L.P.H. van Belle > In chel di` si favelave... > > > If you want to test the module, i have a set ready to test. > > Ahe,

Hi, I'm trying to mount a Samba share on Linux 2.6.10, using samba-3.0.7. The authentication is done using Kerberos V5, on a Windows server. The share is located on a Solaris server that uses samba-3.0.10. Authentication with Kerberos is functional (I can get a ticket using kinit(1)). The server requires client (packet?) signing. The admins in charge of the server refuse to make it

Hello, I've been doing some extensive troubleshooting with respect to some issues mounting CIFS shares on a Windows box via Kerberos. We're using the command: /sbin/mount.cifs //whatever/whatever /whatever -o sec=krb5i This should mount the share using Kerberos & Packet-signing by using the cached credentials of the user executing the command. With judicious use of strace, it

Did you "deleated the computer object" to allow kerberos services. And did you add the CIFS/spn to the computer and keytab ? https://wiki.samba.org/index.php/Generating_Keytabs If its a member, which i assume. kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k Add these and it should work. You might need to restart or reboot., sometimes