cifs.upcall does not find/read existing credentials from KRB5CCNAME
Environment
- Red Hat Enterprise Linux 5.4 or earlier
- samba-client-3.0.33-3.7.el5_3.1
Issue
cifs.upcallhas no current provision to getkerberoscredentials cache path from the KRB5CCNAME environment variable.- The
CIFSclient requires that the systemkerberoscache with a pre-existingTGTto be found in the default file location,/tmp/krb5cc_{uid}.
Resolution
- Upgrade
samba-client-3.0.33-3.28.el5or above. - Refer to http://rhn.redhat.com/errata/RHBA-2010-0300.html
Diagnostic Steps
- Add an entry in /etc/fstab to mount the cifs share,
//winc.test.example.com/Winshare /cifs cifs username=winuser@TEST.EXAMPLE.COM,sec=krb5i,noauto,users 0 0
- set SUID on /sbin/mount.cifs , chown mount point to 'winuser'
- Add necessary entries to request-key.conf as per cifs.upcall man page
- Login as 'winuser' try to mount cifs share
-
mount fails with the following error.
$ mount /cifs mount error 126 = Required key not available Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) -
Debug logs
Aug 7 23:50:33 server1 automount[2601]: attempting to mount entry /cifs/Wshare Aug 7 23:50:33 server1 automount[2601]: lookup_mount: lookup(file): looking up Wshare Aug 7 23:50:33 server1 automount[2601]: lookup_mount: lookup(file): Wshare -> -fstype=cifs,username=nctest@TESTLAB.TEST.EXAMPLE.COM,sec=krb5i ://winc.testlab.test.example.com/Wshare Aug 7 23:50:33 server1 automount[2601]: parse_mount: parse(sun): expanded entry: -fstype=cifs,username=nctest@TESTLAB.TEST.EXAMPLE.COM,sec=krb5i ://winc.testlab.test.example.com/Wshare Aug 7 23:50:33 server1 automount[2601]: parse_mount: parse(sun): gathered options: timout=60,fstype=cifs,username=nctest@TESTLAB.TEST.EXAMPLE.COM,sec=krb5i Aug 7 23:50:33 server1 automount[2601]: parse_mount: parse(sun): dequote("://winc.testlab.test.example.com/Wshare") -> ://winc.testlab.test.example.com/Wshare Aug 7 23:50:33 server1 automount[2601]: parse_mount: parse(sun): core of entry: options=timout=60,fstype=cifs,username=nctest@TESTLAB.TEST.EXAMPLE.COM,sec=krb5i,loc=://winc.testlab.test.example.com/Wshare Aug 7 23:50:33 server1 automount[2601]: sun_mount: parse(sun): mounting root /cifs, mountpoint Wshare, what //winc.testlab.test.example.com/Wshare, fstype cifs, options timout=6 0,username=nctest@TESTLAB.TEST.EXAMPLE.COM,sec=krb5i Aug 7 23:50:33 server1 automount[2601]: do_mount: //winc.testlab.test.example.com/Wshare /cifs/Wshare type cifs options timout=60,username=nctest@TESTLAB.TEST.EXAMPLE.COM,sec=krb5i using module generic Aug 7 23:50:33 server1 automount[2601]: mount_mount: mount(generic): calling mkdir_path /cifs/Wshare Aug 7 23:50:33 server1 automount[2601]: mount_mount: mount(generic): calling mount -t cifs -s -o timout=60,username=nctest@TESTLAB.TEST.EXAMPLE.COM,sec=krb5i //winc.testlab.test.example.com/Wshare /cifs/Wshare Aug 7 23:50:33 server1 kernel: CIFS: Unknown mount option timout Aug 7 23:50:33 server1 kernel: CIFS VFS: Send error in SessSetup = -126 Aug 7 23:50:33 server1 kernel: CIFS VFS: cifs_mount failed w/return code = -126 Aug 7 23:50:33 server1 automount[2601]: >> mount error 126 = Required key not available Aug 7 23:50:33 server1 automount[2601]: >> Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) Aug 7 23:50:33 server1 automount[2601]: spawn_mount: mount failed with error code 16, retrying with the -f option
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
