Hi Paulo, On 03-01-2020 15:33, Paulo Alcantara wrote: > Hi Martinj, > > Martijn de Gouw <martijn.de.gouw@xxxxxxxxxxxxxxxxxxxxxxxxx> writes: > >> I'm trying to switch from ntlpssp to kerbebos for mounting our dfs >> shares. It seems to work, but only for 'older' kernel versions. Since we >> are running debian 9 and 10, I'm testing this for both version. The >> thing is that is seems to work when I run kernel 4.19.67, but not when >> I'm running kernel 5.3.9. >> >> What I'm trying to do: >> mount -t cifs //domain.com/common /mnt/common -o >> rw,vers=3.0,sec=krb5,cruid=10003,username=mdg,uid=10003,gid=10276,addr=10.1.1.14,file_mode=0600,dir_mode=0700,nobrl,nohandlecache,user=mdg >> >> So far it works fine on 4.19, but not on 5.3. Because when I try to >> travel into the directories (which are actually dfs pointers to the NAS >> shares) I get permission denied. >> >> So far, I was able to track this down to cifs.upcall, because on kernel >> 4.19 I see it tries to get a service ticket for the nas (cifs.upcall: >> handle_krb5_mech: getting service ticket for nas01.domain.com). But on >> kernel 5.3 it tries to get a ticket for the dc again: cifs.upcall: >> handle_krb5_mech: getting service ticket for dc01.domain.com. >> >> What could be wrong here? > > Could you please try it again with below commit: > > 5bb30a4dd60e ("cifs: Fix retrieval of DFS referrals in cifs_mount()") I tried kernel 5.4.6, including this fix, but still no luck: [ 25.825075] CIFS: Attempting to mount //domain.com/common [ 27.127925] CIFS VFS: BAD_NETWORK_NAME: \\domain.com\common [ 31.406697] CIFS: Attempting to mount //DC01.domain.com/common/Pd_Std [ 31.414527] srv rsp padded more than expected. Length 98 not 73 for cmd:1 mid:1 [ 31.414533] Status code returned 0xc000006d STATUS_LOGON_FAILURE [ 31.414537] CIFS VFS: \\DC01.domain.com Send error in SessSetup = -13 [ 31.414544] CIFS VFS: cifs_mount failed w/return code = -13 [ 31.414590] CIFS: Attempting to mount //DC01.domain.com/common/Pd_Std [ 31.422410] Status code returned 0xc000006d STATUS_LOGON_FAILURE [ 31.422416] CIFS VFS: \\DC01.domain.com Send error in SessSetup = -13 [ 31.422423] CIFS VFS: cifs_mount failed w/return code = -13 Where 4.19 prints: [ 132.012498] CIFS: Attempting to mount //domain.com/common [ 132.183038] CIFS VFS: error -2 on ioctl to get interface list [ 132.344343] CIFS: Attempting to mount //nas01/common$/pd_std > > Thanks, > Paulo > Regards, Martijn -- Martijn de Gouw Designer Prodrive Technologies Mobile: +31 63 17 76 161 Phone: +31 40 26 76 200