Comment 0 for bug 1862858
Revision history for this message
| steveb (tniagcpm) wrote CIFS acesses DFS referral with wrong Kerberos ticket | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
kubuntu 19.10 with kernel 5.3.0-29-generic and64.
This looks like a regression in the kernel CIFS module after the 4.15 & 5.0 kernels.
These earlier kernels follow the DFS referrals without error.
The problem:
- Use mount.cifs with kerberos authentication to mount a samba server hosting a DFS root.
You will get a KRB ticket for the "dfs_root" machine.
- Attempt to access a host a host via a DFS referral (call this "target_host")
- Access will fail with "Permission Denied".
- Use Wireshark to monitor CIFS and KRB traffic.
- The kernel attempts to authenticate to "target_host" using the KRB ticket for "dfs_root".
Note:
- A DFS target running Win2008R2 will reply with STATUS_
kernel will get a KRB ticket for "target_host" and use it.
The connection is then successful.
- A DFS target running Samba 4.7.6 will reply with STATUS_
The connection fails.
Expected Result:
- Successful connection.
- The kernel should get a KRB ticket for "target_host" and use it.
(This is what kernels 4.15 and 5.0 do [and a Windows client])