Re: cifs autofs krb5i


> Message of 17/11/12 16:28
> From: "Jeff Layton"
> To: "sergio.conrad"
> Cc: linux-cifs@xxxxxxxxxxxxxxx
> Subject: Re: cifs autofs krb5i
>
> On Sat, 17 Nov 2012 14:56:54 +0100
> "sergio.conrad"  wrote:
> 
> > 
> > 
> > 
> > > Message of 17/11/12 11:44
> > > From: "Jeff Layton"
> > > To: "sergio.conrad"
> > > Cc: linux-cifs@xxxxxxxxxxxxxxx
> > > Subject: Re: cifs autofs krb5i
> > >
> > > On Sat, 17 Nov 2012 08:53:02 +0100
> > > "sergio.conrad" wrote:
> > > 
> > > > 
> > > > 
> > > > 
> > > > > Message of 17/11/12 03:01
> > > > > From: "Jeff Layton"
> > > > > To: "sergio.conrad"
> > > > > Cc: linux-cifs@xxxxxxxxxxxxxxx
> > > > > Subject: Re: cifs autofs krb5i
> > > > >
> > > > > On Fri, 16 Nov 2012 23:37:52 +0100
> > > > > "sergio.conrad" wrote:
> > > > > 
> > > > > > Hi,
> > > > > > 
> > > > > > I am able to connect to cifs share on Windows 2008 with Kerberos security via autofs with
> > > > > > this map:
> > > > > > * -fstype=cifs,sec=krb5i,user=&,uid=&,cruid=&,file_mode=0700,dir_mode=0700,nounix,noserverino ://figue/data/&
> > > > > > 
> > > > > > It is working fine with alphanumeric login:
> > > > > > fs/cifs/cifs_spnego.c: key description = ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0x1000001;creduid=0x1000001;user=conrad3;pid=0xd331
> > > > > > 
> > > > > > 
> > > > > > But if I use numeric only login like 12345678 I have a problem:
> > > > > > fs/cifs/cifs_spnego.c: key description = ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0xbc614e;creduid=0xbc614e;user=12345678;pid=0xe5db
> > > > > > fs/cifs/sess.c: ssetup freeing small buf ffff88003a838140
> > > > > > CIFS VFS: Send error in SessSetup = -126
> > > > > > fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 223) rc = -126
> > > > > > fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 222) rc = -126
> > > > > > CIFS VFS: cifs_mount failed w/return code = -126
> > > > > > 
> > > > > > What can I do to solve this issue ?
> > > > > 
> > > > > 
> > > > > cifs.upcall logs at daemon.debug level. Set up syslog to log that and
> > > > > you'll get some details about what it's doing.
> > > > > 
> > > > > -- 
> > > > > Jeff Layton 
> > > > > 
> > > > 
> > > > Thanks for your response, 
> > > > I got the error 
> > > > Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777221 is owned by 16777221, not 12345678
> > > > 
> > > > Perhaps it is a confusion about the uid and the login in a numeric value
> > > > 
> > > > [12345678@centad5 ~]$ id
> > > > uid=16777221(12345678) gid=16777216(utilisateurs du domaine) groupes=16777216(utilisateurs du domaine),16777217(profs)
> > > > 
> > > > The full log is :
> > > > 
> > > > Nov 17 08:42:53 centad5 cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0xbc614e;creduid=0xbc614e;user=12345678;pid=0x9b5
> > > > Nov 17 08:42:53 centad5 cifs.upcall: ver=2
> > > > Nov 17 08:42:53 centad5 cifs.upcall: host=figue
> > > > Nov 17 08:42:53 centad5 cifs.upcall: ip=130.120.8.11
> > > > Nov 17 08:42:53 centad5 cifs.upcall: sec=1
> > > > Nov 17 08:42:53 centad5 cifs.upcall: uid=12345678
> > > > Nov 17 08:42:53 centad5 cifs.upcall: creduid=12345678
> > > > Nov 17 08:42:53 centad5 cifs.upcall: user=12345678
> > > > Nov 17 08:42:53 centad5 cifs.upcall: pid=2485
> > > > Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_16777221
> > > > Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777221 is owned by 16777221, not 12345678
> > > > Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_16777216
> > > > Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777216 is owned by 16777216, not 12345678
> > > > Nov 17 08:42:53 centad5 cifs.upcall: krb5_get_init_creds_keytab: 13
> > > > Nov 17 08:42:53 centad5 cifs.upcall: handle_krb5_mech: getting service ticket for figue
> > > > Nov 17 08:42:53 centad5 cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
> > > > @
> > > 
> > > What a bizarre setup you have. I imagine all sorts of things get
> > > confused by numeric usernames. Many programs will assume that when
> > > given a numeric username that it's a uid, not a name. You might
> > > reconsider that setup -- maybe prefix the numbers with a letter or
> > > something...
> > > 
> > It seems it is a little late for this, we are already in a production state with Active
> > Directory and winbind for authentication, Windows 2008 as a cifs server, Fedora 15 for
> > client and using pam_mount for mounting partition.
> > As we are experiencing some CIFS VFS: Unexpected SMB signature with this
> > I am testing some other ways...
> > 
> > > In any case, it does seem like there is confusion somewhere with
> > > numeric uids, but I don't think that confusion is with cifs.upcall. If
> > > that is the correct credcache for this user, then it looks like its
> > > being created with the wrong ownership.
> > > 
> > > What does the output of "klist" look like when you're logged in as this
> > > user?
> > > 
> > 
> > [12345678@centad5 ~]$ klist
> > Ticket cache: FILE:/tmp/krb5cc_16777221
> > Default principal: 12345678@DOMAIN.LOCAL
> > 
> > Valid starting Expires Service principal
> > 11/17/12 14:34:04 11/18/12 00:34:04 krbtgt/DOMAIN.LOCAL@DOMAIN.LOCAL
> > renew until 11/24/12 14:34:04
> > 11/17/12 14:34:04 11/18/12 00:34:04 CENTAD5$@DOMAIN.LOCAL
> > renew until 11/24/12 14:34:04
> > 11/17/12 14:34:04 11/18/12 00:34:04 CENTAD5$@DOMAIN.LOCAL
> > renew until 11/24/12 14:34:04
> > [12345678@centad5 ~]$
> > 
> > > How about the output of "stat /tmp/krb5cc_16777216" ?
> > 
> > 16777216 or 16777221 ? 
> > I did it for the two files 
> > 
> > [12345678@centad5 ~]$ id
> > uid=16777221(12345678) gid=16777216(utilisateurs du domaine) groupes=16777216(utilisateurs du domaine),16777217(profs)
> > [12345678@centad5 ~]$
> > 
> > 
> > [12345678@centad5 ~]$ stat /tmp/krb5cc_16777221 
> > File: « /tmp/krb5cc_16777221 »
> > Size: 3830 Blocks: 8 IO Block: 4096 fichier
> > Device: 801h/2049d Inode: 1985377 Links: 1
> > Access: (0600/-rw-------) Uid: (16777221/12345678) Gid: ( 0/ root)
> > Access: 2012-11-17 14:41:37.056868612 +0100
> > Modify: 2012-11-17 14:41:32.251850184 +0100
> > Change: 2012-11-17 14:41:32.251850184 +0100
> > 
> > 
> > [12345678@centad5 ~]$ stat /tmp/krb5cc_16777216 
> > File: « /tmp/krb5cc_16777216 »
> > Size: 3751 Blocks: 8 IO Block: 4096 fichier
> > Device: 801h/2049d Inode: 1966082 Links: 1
> > Access: (0600/-rw-------) Uid: (16777216/ conrad5) Gid: ( 0/ root)
> > Access: 2012-11-16 23:11:47.948511483 +0100
> > Modify: 2012-11-16 23:11:47.948511483 +0100
> > Change: 2012-11-16 23:11:47.948511483 +0100
> > > 
> 
> Ok, I think I see now. I believe your problem is in the options you're
> passing in at mount time:
> 
> 
> fstype=cifs,sec=krb5i,user=&,uid=&,cruid=&,file_mode=0700,dir_mode=0700,nounix,noserverino ://figue/data/&
> 
> ...specifically, the 'uid=&' and 'cruid=&' options. When mount.cifs gets
> a numeric value for those options, it assumes that it's a uid, not a
> username. You should probably replace those options in your automount
> map with something like:
> 
> uid=$UID,cruid=$UID
> 
> ...which will make it pass in the numeric uid instead (that should also
> be slightly more efficient since you won't need to go to NSS to resolve
> username to uid). You may also want to consider adding:
> 
> gid=$GID
> 
> ...but that depends on your needs. See the section on "Variable
> Substitution" in autofs(5) for info on $UID and $GID.
> 
> Best of luck!

It works !
Thank you, you saved my day, as always !
I will post here if I resolve the unexpected smb signature with this technique
Serge

> -- 
> Jeff Layton 
> 
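
An added diagnostic, not part of the thread and not cifs-utils code: it reads cifs.upcall debug lines like those posted above, decodes the hex `creduid` from the key description, and flags the case Jeff identifies, where an all-digit login name was passed through as a uid. The function names are hypothetical, and the sample lines are the thread's own log lines with the wrapped fragments rejoined.

```python
import re

# Sample input: cifs.upcall lines from the thread, wrapped fragments rejoined.
SAMPLE_LOG = """\
Nov 17 08:42:53 centad5 cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=figue;ip4=130.120.8.11;sec=krb5;uid=0xbc614e;creduid=0xbc614e;user=12345678;pid=0x9b5
Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777221 is owned by 16777221, not 12345678
Nov 17 08:42:53 centad5 cifs.upcall: find_krb5_cc: /tmp/krb5cc_16777216 is owned by 16777216, not 12345678
"""

KEY_RE = re.compile(r"cifs\.upcall: key description: (\S+)")
OWNER_RE = re.compile(r"find_krb5_cc: (\S+) is owned by (\d+), not (\d+)")


def parse_key_description(desc):
    """Return the key=value fields of a cifs.spnego key description as a dict."""
    return dict(f.split("=", 1) for f in desc.split(";") if "=" in f)


def diagnose(log_text):
    """Return findings (strings) about uid/creduid confusion in cifs.upcall logs."""
    findings = []
    for line in log_text.splitlines():
        m = KEY_RE.search(line)
        if m:
            fields = parse_key_description(m.group(1))
            user = fields.get("user", "")
            creduid = int(fields.get("creduid", "0"), 16)  # logged as hex
            # An all-digit login whose decimal value equals creduid means the
            # login name itself ended up where a numeric uid was expected.
            if user.isdigit() and int(user) == creduid:
                findings.append(
                    f"creduid {creduid} equals numeric login '{user}': "
                    "name was taken as a uid (check uid=&/cruid=& in the map)")
        m = OWNER_RE.search(line)
        if m:
            path, owner, wanted = m.groups()
            findings.append(f"{path}: owner {owner} != requested creduid {wanted}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```
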
