cc:ing the containers list for tracking purposes... On 02/03/2011 07:56 AM, Nicolas Bourbaki wrote: > Hi, > > I've got a problem with LXC, CIFS and Kerberos. Sorry if you're not > the person concerned by this but I've seen you submited a patch about > LXC and CIFS mounts recently > > > Here is my bug report : > > > ----------------------------------------------------------------------------------------------------------------------------- > [1.] Summary > Kerberos credential are taken from the host context when using > mount.cifs in an lxc container Yeah, not surprised there's more to do there. I only had one very simple test case, and I stopped when I made that work. I'm happy to fix it, the question is how do I set up a kerberos authentication test case? (I'm not very experienced at setting up samba, I'm more a developer than a sysadmin.) A quick rummage found: https://help.ubuntu.com/community/Samba/Kerberos Which presumably explains it. I'll go read that... > [2.] Description > When using kerberos as system authentication for CIFS, mount fails in > an LXC container. We need to have the kerberos ticket ans keyutils in > the host to have it works. So it seem's that there is an isolation > problem for this particular configuration. > > [2.1] Scenario 1: Host is minimalist, container fully configured > (kerberos, CIFS, credentials, ...) > #mount.cifs '//some-server/some-directory' /mnt -o > iocharset=utf8,rw,sec=krb5i,user=foo > mount error(2): No such file or directory > > [2.2] Scenario 2: Host has keyutils package (ubuntu) installed but no > credentials, container fully configured (kerberos, CIFS, credentials, > ...) > #mount.cifs '//some-server/some-directory' /mnt -o > iocharset=utf8,rw,sec=krb5i,user=foo > mount error(126): Required key not available > > [2.3] Scenario 3: Host has keyutils package (ubuntu) installed and > kerberos credentials, container fully configured (kerberos, CIFS, > credentials, ...) > #mount.cifs '//some-server/some-directory' /mnt -o > iocharset=utf8,rw,sec=krb5i,user=foo > Succes ! Should be fairly straightforward to fix, I just need to set up the test case... > ----------------- > lxc version: 0.7.2 > ----------------- > ii krb5-config 2.2 > Configuration files for Kerberos Version 5 > ii libgssapi-krb5-2 1.8.1+dfsg-5ubuntu0.2 > MIT Kerberos runtime libraries - krb5 GSS-API Mechanism > ii libkrb5-26-heimdal 1.4.0~git20100605.dfsg.1-2 > Heimdal Kerberos - libraries > ii libkrb5-3 1.8.1+dfsg-5ubuntu0.2 > MIT Kerberos runtime libraries > ii libkrb5support0 1.8.1+dfsg-5ubuntu0.2 > MIT Kerberos runtime libraries - Support library > ii cifs-utils 2:4.5-2 > Common Internet File System utilities Ok. Thanks, Rob _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
