(samba) Unable to authenticate using kerberos for cifs mount

Hello

I am studying for my RHCE exam and found a problem with a cifs mount.
My goal is to authenticate against a Kerberos server when doing a cifs mount; however, the mount command returns an error with "Invalid argument".


[root@server2 system]# mount -t cifs //server1.ywlocal.net/smbkrb5 /smbkrb5mnt -o _netdev,rw,username=user7,sec=krb5 -vv
mount.cifs kernel mount options: ip=192.168.11.11,unc=\server1.ywlocal.net\smbkrb5,sec=krb5,user=user7,pass=********
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

I get incoming packets when I check the debug log on the Samba server, so the problem may lie on the Samba server side.


[2017/03/20 15:55:16.334411, 3] ../source3/lib/access.c:338(allow_access)
Allowed connection from 192.168.11.12 (192.168.11.12)
[2017/03/20 15:55:16.465675, 3] ../source3/lib/util_procid.c:54(pid_to_procid)
pid_to_procid: messaging_dgm_get_unique failed: No such file or directory

My environment is below. Both servers are built on top of kvm.


Client side
Red Hat Enterprise Linux Server release 7.3 (Maipo)
samba-client-4.4.4-12.el7_3.x86_64
samba-client-libs-4.4.4-12.el7_3.x86_64

Server side
Red Hat Enterprise Linux Server release 7.3 (Maipo)
samba-4.4.4-12.el7_3.x86_64

I have smb.conf as below.


[root@server1 log]# cat /etc/samba/smb.conf
[global]
netbios name = server1
workgroup = YWLOCAL.NET
server string = server1 is the Samba Server Sharing /common and /smbrhcsa
hosts allow = 127. 192.168.11. .ywlocal.net
interfaces = lo eth0 192.168.11.
passdb backend = smbpasswd

security = user

security = ads
realm = YWLOCAL.NET
log level = 3
log file = /var/log/samba/%m.log
max log size = 5000

[smbkrb5]
comment = /smbkrb5 directory using kerberos authentication
browsable = yes
path = /smbkrb5
public = yes
valid users = user7
write list = user7
writable = yes

I have the keytab file below on the Samba server side.


ktutil: read_kt /etc/krb5.keytab
ktutil: list
slot KVNO Principal
   1    6 host/server1.ywlocal.net@YWLOCAL.NET
   2    6 host/server1.ywlocal.net@YWLOCAL.NET
   3    6 host/server1.ywlocal.net@YWLOCAL.NET
   4    6 host/server1.ywlocal.net@YWLOCAL.NET
   5    6 host/server1.ywlocal.net@YWLOCAL.NET
   6    6 host/server1.ywlocal.net@YWLOCAL.NET
   7    6 host/server1.ywlocal.net@YWLOCAL.NET
   8    6 host/server1.ywlocal.net@YWLOCAL.NET
   9    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  10    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  11    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  12    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  13    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  14    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  15    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  16    3 nfs/server1.ywlocal.net@YWLOCAL.NET
  17    4 cifs/server1.ywlocal.net@YWLOCAL.NET
  18    4 cifs/server1.ywlocal.net@YWLOCAL.NET
  19    4 cifs/server1.ywlocal.net@YWLOCAL.NET
  20    4 cifs/server1.ywlocal.net@YWLOCAL.NET
  21    4 cifs/server1.ywlocal.net@YWLOCAL.NET
  22    4 cifs/server1.ywlocal.net@YWLOCAL.NET
  23    4 cifs/server1.ywlocal.net@YWLOCAL.NET
  24    4 cifs/server1.ywlocal.net@YWLOCAL.NET

Kerberos authentication with an nfs mount works perfectly. I found a similar problem in Bugzilla, but it was not solved.

https://bugzilla.redhat.com/show_bug.cgi?id=1378806

Is my problem a bug?

Responses