Mounting a MS-Windows DFS (Distributed File System) share errors out with "mount error(126): Required key not available", why?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

Issue

  • Mounting a MS-Windows DFS (Distributed File System) share errors out with "mount error(126): Required key not available", why?

  • Directories below "/home/user/" are not accessible.

  • Within a mounted NTFS-Shares included DFS-Shares are not accessible.

  • When trying to mount a DFS share, the following error occurs:

[root@host ~]# mount.cifs kernel mount options: ip=<IP-ADDRESS>,unc=\\cifs.example.com\transfer,multiuser,sec=krb5,cruid=50000,ver=1,user=root,pass=********
          mount error(126): Required key not available
          Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
          mount.cifs kernel mount options: ip=<IP-ADDRESS>,unc=\\cifs.example.com\projects,multiuser,sec=krb5,cruid=50000,ver=1,user=root,pass=********
          mount error(126): Required key not available

Resolution

  • The DFS needs the user mapping configured. To configure the mapping please follow the steps below:

  • On RHEL5, the package 'keyutils' must be installed first:

[root@host ~]# yum install keyutils

  • On Red Hat Enterprise Linux 6, the package 'keyutils' is already installed.

  • Open the file '/etc/request-key.conf'

  • For more information about the file and configurations, check the man page 'man request-key.conf' or http://linux.die.net/man/5/request-key.conf

  • Append the following in /etc/request-key.conf:

create cifs.spnego * * /usr/sbin/cifs.upcall -c %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
  • In Red Hat Enterprise Linux 6 with the package 'cifs-utils' installed, '/etc/cifs.spnego.conf' will be automatically added in '/etc/request-key.d':
[root@host ~]# cat cifs.spnego.conf 
create  cifs.spnego    * * /usr/sbin/cifs.upcall %k

[root@host ~]# rpm -q cifs-utils --changelog |grep request
- add stock request-key config files in /etc/request-key.d (bz 843617)
  • With this update, the cifs.idmap helper which allows SID to UID and SID to GID mapping, has been added to the package. Also, the manual page cifs.upcall(8) has been updated and cifs.idmap(8) has been added. (BZ#843617)

Diagnostic Steps

  • Unable to resolve: 
Nov 12 15:22:05 kernel:  CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: hostname.example.com
Nov 12 15:22:05 kernel:  CIFS VFS: cifs_compose_mount_options:  Failed to resolve server part of \\hostname.example.com\002905$ to  IP: -11 "
  • Direct mounts attempts to "//server.domain/ntshare/directory/dfsshare" throw exceptions:
mount error 11 = Resource temporarily unavailable
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)
  • From /var/log/messages:
Nov 12 15:20:37 kernel:  CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: hostname.example.com
Nov  12 15:20:37 kernel:  CIFS VFS: cifs_compose_mount_options:  Failed to resolve server part of \\hostname.example.com\000005$ to  IP: -11
Nov 12 15:20:37 kernel:  CIFS VFS: cifs_mount failed w/return code = -11 "

Feb  7 12:07:15 kernel:  CIFS VFS: cifs_mount failed w/return code = -22
Feb  7 12:07:38 kernel:  CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: SRV-EOLO
Feb  7 12:07:38 kernel:  CIFS VFS: cifs_compose_mount_options: Failed to resolve server part of \\SRV-EOLO\Apps to IP: -11

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments