Kerberos authentication failure when accessing CIFS shares with gssproxy without impersonate

Solution Verified - Updated 2026-03-10T13:26:58+00:00 -

Issue

cifs.upcall[12345]: cifs_krb5_get_req: unable to get credentials for cifs-server.example.com
kernel: CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed
Cannot access share if user default Kerberos does not have valid
Users should still able to mount even when the default Kerberos ccache does not contain the right TGT

Environment

Products
- Red Hat Enterprise Linux 10
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 8
Packages
- cifs-util
- gssproxy
Prerequisite
- Corresponding valid keytabs are installed in /var/lib/gssproxy/clients/
- Share is accessable if Kerberos ticket is obtained manually

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2026 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)