Mounting a DFS share returns `mount error(126): Required key not available`
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
- Distributed File System (DFS)
Issue
-
When trying to mount a DFS share, the following error occurs:
# mount.cifs kernel mount options: ip=<IP-ADDRESS>,unc=\\cifs.example.com\transfer,multiuser,sec=krb5,cruid=50000,ver=1,user=root,pass=******** mount error(126): Required key not available Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) mount.cifs kernel mount options: ip=<IP-ADDRESS>,unc=\\cifs.example.com\projects,multiuser,sec=krb5,cruid=50000,ver=1,user=root,pass=******** mount error(126): Required key not available
Resolution
-
The DFS needs the user mapping configured. To configure the mapping please follow the steps below:
-
Install the package
keyutils:# yum install keyutils -
Open the file
/etc/request-key.confand append the following lines:create cifs.spnego * * /usr/sbin/cifs.upcall -c %k create dns_resolver * * /usr/sbin/cifs.upcall %k- For more information, check the manpage
man request-key.conf.
- For more information, check the manpage
-
The
cifs-utilspackage shipped in Red Hat Enterprise Linux 6 includes the file/etc/cifs.spnego.confthat will be automatically added in/etc/request-key.d:# cat cifs.spnego.conf create cifs.spnego * * /usr/sbin/cifs.upcall %k- This was tracked in RHBZ 843617, and changes done in the ackage can be seen in the changelog of
cifs-utilspackage:
# rpm -q cifs-utils --changelog |grep request - add stock request-key config files in /etc/request-key.d (bz 843617)- With this update, the
cifs.idmaphelper which allows SID to UID and SID to GID mapping, has been added to the package. Also, the manual pagecifs.upcall(8)has been updated andcifs.idmap(8)has been added.
- This was tracked in RHBZ 843617, and changes done in the ackage can be seen in the changelog of
Diagnostic Steps
-
The logs show the
unable to resolve: hostnameerror:kernel: CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: hostname.example.com kernel: CIFS VFS: cifs_compose_mount_options: Failed to resolve server part of \\hostname.example.com\002905$ to IP: -11 " -
Direct mounts attempts to
//server.domain/ntshare/directory/dfssharethrow exceptions:mount error 11 = Resource temporarily unavailable Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) -
The errors are logged in
/var/log/messages:kernel: CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: hostname.example.com kernel: CIFS VFS: cifs_compose_mount_options: Failed to resolve server part of \\hostname.example.com\000005$ to IP: -11 kernel: CIFS VFS: cifs_mount failed w/return code = -11 kernel: CIFS VFS: cifs_mount failed w/return code = -22 kernel: CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: SRV-EOLO kernel: CIFS VFS: cifs_compose_mount_options: Failed to resolve server part of \\SRV-EOLO\Apps to IP: -11
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments