Valid starting Expires Service principal
29.10.2020 13:49:42 29.10.2020 23:49:42 <email address hidden>
renew until 30.10.2020 13:49:42
root@kubuntu-lts:# mount -vvv -o sec=krb5,multiuser,vers=3.0,username='KUBUNTU-LTS$' //FILESERVER/share /mnt/test/
mount.cifs kernel mount options: ip=X.X.X.X,unc=\\FILESERVER\share,sec=krb5,multiuser,vers=3.0,user=KUBUNTU-LTS$,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
The samba configuration for the smb share on FILESERVER has the UPN as valid user:
[share]
path = /mnt/share
valid users = +"domain users", "KUBUNTU-LTS$"
force group = "domain users"
Hm, now I get a different return code =-13 in dmesg:
[87872.570848] fs/cifs/cifsfs.c: Devname: //FILESERVER/share flags: 0
[87872.570889] fs/cifs/connect.c: Username: KUBUNTU-LTS$
[87872.570894] fs/cifs/connect.c: file mode: 0755 dir mode: 0755
[87872.570897] fs/cifs/connect.c: CIFS VFS: in mount_get_conns as Xid: 82 with uid: 0
[87872.570899] fs/cifs/connect.c: UNC: \\FILESERVER\share
[87872.570912] fs/cifs/connect.c: Socket created
[87872.570914] fs/cifs/connect.c: sndbuf 16384 rcvbuf 131072 rcvtimeo 0x6d6
[87872.580468] fs/cifs/fscache.c: cifs_fscache_get_client_cookie: (0x000000002f2c35d1/0x00000000bd141cbc)
[87872.580470] fs/cifs/connect.c: Demultiplex PID: 14724
[87872.580475] fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 83 with uid: 0
[87872.580476] fs/cifs/connect.c: Existing smb sess not found
[87872.580479] fs/cifs/smb2pdu.c: Negotiate protocol
[87872.580500] fs/cifs/transport.c: Sending smb: smb_len=106
[87872.585816] fs/cifs/connect.c: RFC1002 header 0xe0
[87872.585823] fs/cifs/smb2misc.c: SMB2 data length 96 offset 128
[87872.585823] fs/cifs/smb2misc.c: SMB2 len 224
[87872.585851] fs/cifs/transport.c: cifs_sync_mid_result: cmd=0 mid=0 state=4
[87872.585857] fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
[87872.585859] fs/cifs/smb2pdu.c: mode 0x1
[87872.585860] fs/cifs/smb2pdu.c: negotiated smb3.0 dialect
[87872.585863] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[87872.585864] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
[87872.585865] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[87872.585867] fs/cifs/connect.c: Security Mode: 0x1 Capabilities: 0x300047 TimeAdjust: 0
[87872.585868] fs/cifs/smb2pdu.c: Session Setup
[87872.585869] fs/cifs/smb2pdu.c: sess setup type 5
[87872.585873] fs/cifs/cifs_spnego.c: key description = ver=0x2;host=FILESERVER;ip4=X.X.X.X;sec=krb5;uid=0x0;creduid=0x0;user=KUBUNTU-LTS$;pid=0x3982
[87872.591266] fs/cifs/transport.c: Sending smb: smb_len=1502
[87872.598034] fs/cifs/connect.c: RFC1002 header 0x49
[87872.598040] fs/cifs/smb2misc.c: SMB2 data length 0 offset 0
[87872.598041] fs/cifs/smb2misc.c: SMB2 len 73
[87872.598056] fs/cifs/transport.c: cifs_sync_mid_result: cmd=1 mid=1 state=4
[87872.598059] Status code returned 0xc0000022 STATUS_ACCESS_DENIED
[87872.598064] fs/cifs/smb2maperror.c: Mapping SMB2 status code 0xc0000022 to POSIX err -13
[87872.598065] fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
[87872.598071] CIFS VFS: \\FILESERVER Send error in SessSetup = -13
[87872.598076] fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 83) rc = -13
[87872.598084] fs/cifs/fscache.c: cifs_fscache_release_client_cookie: (0x000000002f2c35d1/0x00000000bd141cbc)
[87872.598096] fs/cifs/connect.c: CIFS VFS: leaving mount_put_conns (xid = 82) rc = 0
[87872.598097] CIFS VFS: cifs_mount failed w/return code = -13
Hm, if I add an AD username I can mount the share with an valid kerberos ticket for the user:
root@kubuntu-lts:# mount -vvv -o sec=krb5, multiuser, vers=3. 0,cruid= ntfieroch //FILESERVER/share /mnt/test/ X.X,unc= \\FILESERVER/ share,sec= krb5,multiuser, vers=3. 0,cruid= 10011,user= root,pass= ******* *
mount.cifs kernel mount options: ip=X.X.
I want to mount the samba share with multiuser option with the machine accounts UPN in AD. Is that working for you?
If I specify UPN I get:
root@kubuntu-lts:# kinit -k KUBUNTU-LTS$ krb5.keytab ------- ------- ------- ------- ------- ------- ----- LTS$@MPI- DORTMUND. MPG.DE (arcfour-hmac) LTS$@MPI- DORTMUND. MPG.DE (aes128- cts-hmac- sha1-96) LTS$@MPI- DORTMUND. MPG.DE (aes256- cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96) cts-hmac- sha1-96)
root@kubuntu-lts:# klist -ket /etc/krb5.keytab
Keytab name: FILE:/etc/
KVNO Timestamp Principal
---- ------------------- -------
2 22.10.2020 10:54:16 KUBUNTU-
2 22.10.2020 10:54:16 KUBUNTU-
2 22.10.2020 10:54:16 KUBUNTU-
2 22.10.2020 10:54:16 <email address hidden> (arcfour-hmac)
2 22.10.2020 10:54:16 <email address hidden> (aes128-
2 22.10.2020 10:54:16 <email address hidden> (aes256-
2 22.10.2020 10:54:16 <email address hidden> (arcfour-hmac)
2 22.10.2020 10:54:16 <email address hidden> (aes128-
2 22.10.2020 10:54:16 <email address hidden> (aes256-
2 22.10.2020 10:54:16 <email address hidden> (arcfour-hmac)
2 22.10.2020 10:54:16 <email address hidden> (aes128-
2 22.10.2020 10:54:16 <email address hidden> (aes256-
2 22.10.2020 10:54:16 <email address hidden> (arcfour-hmac)
2 22.10.2020 10:54:17 <email address hidden> (aes128-
2 22.10.2020 10:54:17 <email address hidden> (aes256-
root@kubuntu-lts:# klist LTS$@MPI- DORTMUND. MPG.DE
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: KUBUNTU-
Valid starting Expires Service principal
29.10.2020 13:49:42 29.10.2020 23:49:42 <email address hidden>
renew until 30.10.2020 13:49:42
root@kubuntu-lts:# mount -vvv -o sec=krb5, multiuser, vers=3. 0,username= 'KUBUNTU- LTS$' //FILESERVER/share /mnt/test/ X.X,unc= \\FILESERVER\ share,sec= krb5,multiuser, vers=3. 0,user= KUBUNTU- LTS$,pass= ******* *
mount.cifs kernel mount options: ip=X.X.
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
The samba configuration for the smb share on FILESERVER has the UPN as valid user:
[share]
path = /mnt/share
valid users = +"domain users", "KUBUNTU-LTS$"
force group = "domain users"
Hm, now I get a different return code =-13 in dmesg:
[87872.570848] fs/cifs/cifsfs.c: Devname: //FILESERVER/share flags: 0 get_client_ cookie: (0x000000002f2c 35d1/0x00000000 bd141cbc) transport. c: Sending smb: smb_len=106 transport. c: cifs_sync_ mid_result: cmd=0 mid=0 state=4 buf_release cifs_spnego. c: key description = ver=0x2; host=FILESERVER ;ip4=X. X.X.X;sec= krb5;uid= 0x0;creduid= 0x0;user= KUBUNTU- LTS$;pid= 0x3982 transport. c: Sending smb: smb_len=1502 transport. c: cifs_sync_ mid_result: cmd=1 mid=1 state=4 ACCESS_ DENIED smb2maperror. c: Mapping SMB2 status code 0xc0000022 to POSIX err -13 buf_release release_ client_ cookie: (0x000000002f2c 35d1/0x00000000 bd141cbc)
[87872.570889] fs/cifs/connect.c: Username: KUBUNTU-LTS$
[87872.570894] fs/cifs/connect.c: file mode: 0755 dir mode: 0755
[87872.570897] fs/cifs/connect.c: CIFS VFS: in mount_get_conns as Xid: 82 with uid: 0
[87872.570899] fs/cifs/connect.c: UNC: \\FILESERVER\share
[87872.570912] fs/cifs/connect.c: Socket created
[87872.570914] fs/cifs/connect.c: sndbuf 16384 rcvbuf 131072 rcvtimeo 0x6d6
[87872.580468] fs/cifs/fscache.c: cifs_fscache_
[87872.580470] fs/cifs/connect.c: Demultiplex PID: 14724
[87872.580475] fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 83 with uid: 0
[87872.580476] fs/cifs/connect.c: Existing smb sess not found
[87872.580479] fs/cifs/smb2pdu.c: Negotiate protocol
[87872.580500] fs/cifs/
[87872.585816] fs/cifs/connect.c: RFC1002 header 0xe0
[87872.585823] fs/cifs/smb2misc.c: SMB2 data length 96 offset 128
[87872.585823] fs/cifs/smb2misc.c: SMB2 len 224
[87872.585851] fs/cifs/
[87872.585857] fs/cifs/misc.c: Null buffer passed to cifs_small_
[87872.585859] fs/cifs/smb2pdu.c: mode 0x1
[87872.585860] fs/cifs/smb2pdu.c: negotiated smb3.0 dialect
[87872.585863] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[87872.585864] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
[87872.585865] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[87872.585867] fs/cifs/connect.c: Security Mode: 0x1 Capabilities: 0x300047 TimeAdjust: 0
[87872.585868] fs/cifs/smb2pdu.c: Session Setup
[87872.585869] fs/cifs/smb2pdu.c: sess setup type 5
[87872.585873] fs/cifs/
[87872.591266] fs/cifs/
[87872.598034] fs/cifs/connect.c: RFC1002 header 0x49
[87872.598040] fs/cifs/smb2misc.c: SMB2 data length 0 offset 0
[87872.598041] fs/cifs/smb2misc.c: SMB2 len 73
[87872.598056] fs/cifs/
[87872.598059] Status code returned 0xc0000022 STATUS_
[87872.598064] fs/cifs/
[87872.598065] fs/cifs/misc.c: Null buffer passed to cifs_small_
[87872.598071] CIFS VFS: \\FILESERVER Send error in SessSetup = -13
[87872.598076] fs/cifs/connect.c: CIFS VFS: leaving cifs_get_smb_ses (xid = 83) rc = -13
[87872.598084] fs/cifs/fscache.c: cifs_fscache_
[87872.598096] fs/cifs/connect.c: CIFS VFS: leaving mount_put_conns (xid = 82) rc = 0
[87872.598097] CIFS VFS: cifs_mount failed w/return code = -13