Hi Paulo,
On 03-01-2020 15:33, Paulo Alcantara wrote:
> Hi Martinj,
>
> Martijn de Gouw <martijn.de.gouw@xxxxxxxxxxxxxxxxxxxxxxxxx> writes:
>
>> I'm trying to switch from ntlpssp to kerbebos for mounting our dfs
>> shares. It seems to work, but only for 'older' kernel versions. Since we
>> are running debian 9 and 10, I'm testing this for both version. The
>> thing is that is seems to work when I run kernel 4.19.67, but not when
>> I'm running kernel 5.3.9.
>>
>> What I'm trying to do:
>> mount -t cifs //domain.com/common /mnt/common -o
>> rw,vers=3.0,sec=krb5,cruid=10003,username=mdg,uid=10003,gid=10276,addr=10.1.1.14,file_mode=0600,dir_mode=0700,nobrl,nohandlecache,user=mdg
>>
>> So far it works fine on 4.19, but not on 5.3. Because when I try to
>> travel into the directories (which are actually dfs pointers to the NAS
>> shares) I get permission denied.
>>
>> So far, I was able to track this down to cifs.upcall, because on kernel
>> 4.19 I see it tries to get a service ticket for the nas (cifs.upcall:
>> handle_krb5_mech: getting service ticket for nas01.domain.com). But on
>> kernel 5.3 it tries to get a ticket for the dc again: cifs.upcall:
>> handle_krb5_mech: getting service ticket for dc01.domain.com.
>>
>> What could be wrong here?
>
> Could you please try it again with below commit:
>
> 5bb30a4dd60e ("cifs: Fix retrieval of DFS referrals in cifs_mount()")
I tried kernel 5.4.6, including this fix, but still no luck:
[ 25.825075] CIFS: Attempting to mount //domain.com/common
[ 27.127925] CIFS VFS: BAD_NETWORK_NAME: \\domain.com\common
[ 31.406697] CIFS: Attempting to mount //DC01.domain.com/common/Pd_Std
[ 31.414527] srv rsp padded more than expected. Length 98 not 73 for cmd:1 mid:1
[ 31.414533] Status code returned 0xc000006d STATUS_LOGON_FAILURE
[ 31.414537] CIFS VFS: \\DC01.domain.com Send error in SessSetup = -13
[ 31.414544] CIFS VFS: cifs_mount failed w/return code = -13
[ 31.414590] CIFS: Attempting to mount //DC01.domain.com/common/Pd_Std
[ 31.422410] Status code returned 0xc000006d STATUS_LOGON_FAILURE
[ 31.422416] CIFS VFS: \\DC01.domain.com Send error in SessSetup = -13
[ 31.422423] CIFS VFS: cifs_mount failed w/return code = -13
Where 4.19 prints:
[ 132.012498] CIFS: Attempting to mount //domain.com/common
[ 132.183038] CIFS VFS: error -2 on ioctl to get interface list
[ 132.344343] CIFS: Attempting to mount //nas01/common$/pd_std
>
> Thanks,
> Paulo
>
Regards, Martijn
--
Martijn de Gouw
Designer
Prodrive Technologies
Mobile: +31 63 17 76 161
Phone: +31 40 26 76 200
