Re: cifs autofs krb5i

On Sat, 17 Nov 2012 08:53:02 +0100
"sergio.conrad" <sergio.conrad@xxxxxxxxxxx> wrote:

> 
> 
> 
> > Message of 17/11/12 03:01
> > From: "Jeff Layton"
> > To: "sergio.conrad"
> > Cc: linux-cifs@xxxxxxxxxxxxxxx
> > Subject: Re: cifs autofs krb5i
> >
> > On Fri, 16 Nov 2012 23:37:52 +0100
> > "sergio.conrad"  wrote:
> > 
> > > Hi,
> > > 
> > > I am able to connect to cifs share on Windows 2008 with Kerberos security via autofs with
> > > this map :
> > > * -fstype=cifs,sec=krb5i,user=&,uid=&,cruid=&,file_mode=0700,dir_mode=0700,nounix,noserverino ://figue/data/&
> > >
> > > Is it working fine with alpha numeric login 
> > > fs/cifs/cifs_spnego.c: key description = ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0x1000001;creduid=0x1000001;user=conrad3;pid=0xd331
> > >
> > >
> > > But if I use numeric only login like 12345678 I have a problem :
> > > fs/cifs/cifs_spnego.c: key description = ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0xbc614e;creduid=0xbc614e;user=12345678;pid=0xe5db
> > > fs/cifs/sess.c: ssetup freeing small buf ffff88003a838140
> > > CIFS VFS: Send error in SessSetup = -126
> > > fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 223) rc = -126
> > > fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 222) rc = -126
> > > CIFS VFS: cifs_mount failed w/return code = -126
> > > 
> > > What can I do to solve this issue ?
> > 
> > 
> > cifs.upcall logs at daemon.debug level. Set up syslog to log that and
> > you'll get some details about what it's doing.
> > 
> > -- 
> > Jeff Layton 
> > 
> 
> Thanks for your response, 
> I got the error 
> Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777221 is owned by 16777221, not 12345678
> 
> Perhaps it is a confusion about the uid and the login in a numeric value
> 
> [12345678@centad5 ~]$ id
> uid=16777221(12345678) gid=16777216(utilisateurs du domaine) groupes=16777216(utilisateurs du domaine),16777217(profs)
> 
> The full log is :
> 
> Nov 17 08:42:53 centad5 cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0xbc614e;creduid=0xbc614e;user=12345678;pid=0x9b5
> Nov 17 08:42:53 centad5 cifs.upcall: ver=2
> Nov 17 08:42:53 centad5 cifs.upcall: host=figue
> Nov 17 08:42:53 centad5 cifs.upcall: ip=130.120.8.11
> Nov 17 08:42:53 centad5 cifs.upcall: sec=1
> Nov 17 08:42:53 centad5 cifs.upcall: uid=12345678
> Nov 17 08:42:53 centad5 cifs.upcall: creduid=12345678
> Nov 17 08:42:53 centad5 cifs.upcall: user=12345678
> Nov 17 08:42:53 centad5 cifs.upcall: pid=2485
> Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_16777221
> Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777221 is owned by 16777221, not 12345678
> Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_16777216
> Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777216 is owned by 16777216, not 12345678
> Nov 17 08:42:53 centad5 cifs.upcall: krb5_get_init_creds_keytab: 13
> Nov 17 08:42:53 centad5 cifs.upcall: handle_krb5_mech: getting service ticket for figue
> Nov 17 08:42:53 centad5 cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache

What a bizarre setup you have. I imagine all sorts of things get
confused by numeric usernames. Many programs will assume that when
given a numeric username that it's a uid, not a name. You might
reconsider that setup -- maybe prefix the numbers with a letter or
something...

In any case, it does seem like there is confusion somewhere with
numeric uids, but I don't think that confusion is with cifs.upcall. If
that is the correct credcache for this user, then it looks like it's
being created with the wrong ownership.

What does the output of "klist" look like when you're logged in as this
user?

How about the output of "stat /tmp/krb5cc_16777216" ?

-- 
Jeff Layton <jlayton@xxxxxxxxxx>
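
A log check for the situation in this thread, added here as an example and not part of the original messages: it decodes the creduid from the cifs.upcall key description, collects the credential caches that find_krb5_cc rejected, and flags the case where the requested creduid is simply the all-digit login read as a number. The function names are hypothetical; the sample lines are the ones quoted above, each on one line.

```python
import re

# Log lines taken from the quoted cifs.upcall output above, each on one line.
SAMPLE_LOG = """\
Nov 17 08:42:53 centad5 cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0xbc614e;creduid=0xbc614e;user=12345678;pid=0x9b5
Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777221 is owned by 16777221, not 12345678
Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777216 is owned by 16777216, not 12345678
"""

KEY_RE = re.compile(r"cifs\.upcall: key description: (\S+)")
OWNER_RE = re.compile(r"find_krb5_cc: (\S+) is owned by (\d+), not (\d+)")


def parse_key_description(desc):
    """Return the key=value fields of a cifs.spnego key description."""
    fields = {}
    for part in desc.split(";"):
        key, sep, value = part.partition("=")
        if sep:  # leading fields such as "cifs.spnego" carry no "="
            fields[key] = value
    return fields


def diagnose(log_text):
    """Summarise creduid versus ccache-owner mismatches in cifs.upcall debug output."""
    report = {"creduid": None, "user": None, "rejected": [], "numeric_login": False}
    for line in log_text.splitlines():
        m = KEY_RE.search(line)
        if m:
            fields = parse_key_description(m.group(1))
            report["user"] = fields.get("user")
            if "creduid" in fields:
                report["creduid"] = int(fields["creduid"], 16)  # logged as hex
            continue
        m = OWNER_RE.search(line)
        if m:  # (ccache path, actual owner uid, uid the upcall was asked for)
            report["rejected"].append((m.group(1), int(m.group(2)), int(m.group(3))))
    user = report["user"]
    # True when the requested creduid is just the login's digits, not a looked-up uid.
    report["numeric_login"] = bool(user) and user.isdigit() and int(user) == report["creduid"]
    return report


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample, the creduid decodes to 12345678 while both caches are owned by 16777221 and 16777216, matching the `id` output quoted above.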