Hello!
I try to automount a cifs folder on an ubuntu 20.04 client from my nas (QNAP running Samba 4.7.12) using the respective user's kerberos ticket. I hunted the problem down to the method "get_existing_cc" in cifs.upcall which returns the path "/tmp/krb5cc_{uid}" although that filed is named "/tmp/krb5cc_{uid}_abcdef". Env variables $KRB5CCNAME and /proc/{pid}/environ hold that latter name, by the way, so I don't know why "get_existing_cc" comes up with the wrong
cache filename.
> Jun 13 17:04:11 desktop-linux kernel: CIFS: Attempting to mount //nas/homes/DOMAIN=HOME/Administrator
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: key description:
> cifs.spnego;0;0;39010000;ver=0x2;host=nas;
> ip4=172.16.20.20;sec=krb5;uid=0x2715;creduid=0x2715;user=administrator;pid=0x16ce
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: ver=2
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: host=nas
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: ip=172.16.20.20
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: sec=1
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: uid=10005
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: creduid=10005
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: user=administrator
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: pid=5838
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: get_cachename_from_process_env: pathname=/proc/5838/environ
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: get_existing_cc: default ccache is FILE:/tmp/krb5cc_10005
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: get_tgt_time: unable to get principal
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: krb5_get_init_creds_keytab: -1765328174
> Jun 13 17:04:11 desktop-linux cifs.upcall[5845]: Exit status 1
> Jun 13 17:04:11 desktop-linux mount[5838]: mount error(2): No such file or directory
> Jun 13 17:04:11 desktop-linux mount[5838]: Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
> Jun 13 17:04:11 desktop-linux kernel: CIFS VFS: \\nas Send error in SessSetup = -126
> Jun 13 17:04:11 desktop-linux kernel: CIFS VFS: cifs_mount failed w/return code = -2
> Jun 13 17:04:11 desktop-linux systemd[1]: home-administrator-Ablage.mount: Mount process exited, code=exited, status=32/n/a
With a symlink named "/tmp/krb5cc_{uid}" to the correct cache file the automount works flawlessly, but that extra six characters being a security feature (from what I read about it) I would not necessarily want to work around it.
Besides that, I have seen the method returning the correct name during some of my tests, but I'm not able to reconstruct the fstab entry that I used. But every time I put the "noauto" in /etc/fstab, it only returns the shortened cache file name, which of course does not exist.
Is there any advice on how I can fix this problem or is this a bug in cifs.upcall?
Best regards
Marco
