Hm, if I add an AD username I can mount the share with an valid kerberos
ticket for the user:
root@kubuntu-lts:# mount -vvv -o sec=krb5,multiuser,vers=3.0,cruid=ntfieroch
//FILESERVER/share /mnt/test/
mount.cifs kernel mount options:
ip=X.X.X.X,unc=\\FILESERVER/share,sec=krb5,multiuser,vers=3.0,cruid=10011,user=root,pass=
I want to mount the samba share with multiuser option with the machine
accounts UPN in AD. Is that working for you?
If I specify UPN I get:
root@kubuntu-lts:# kinit -k KUBUNTU-LTS$
root@kubuntu-lts:# klist -ket /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
--- --
2 22.10.2020 10:54:16 KUBUNTU-LTS$@MPI-DORTMUND.MPG.DE (arcfour-hmac)
2 22.10.2020 10:54:16 KUBUNTU-LTS$@MPI-DORTMUND.MPG.DE
(aes128-cts-hmac-sha1-96)
2 22.10.2020 10:54:16 KUBUNTU-LTS$@MPI-DORTMUND.MPG.DE
(aes256-cts-hmac-sha1-96)
2 22.10.2020 10:54:16 host/kubuntu-...@mpi-dortmund.mpg.de (arcfour-hmac)
2 22.10.2020 10:54:16 host/kubuntu-...@mpi-dortmund.mpg.de
(aes128-cts-hmac-sha1-96)
2 22.10.2020 10:54:16 host/kubuntu-...@mpi-dortmund.mpg.de
(aes256-cts-hmac-sha1-96)
2 22.10.2020 10:54:16
host/kubuntu-lts.client.mpi-dortmund.mpg...@mpi-dortmund.mpg.de (arcfour-hmac)
2 22.10.2020 10:54:16
host/kubuntu-lts.client.mpi-dortmund.mpg...@mpi-dortmund.mpg.de
(aes128-cts-hmac-sha1-96)
2 22.10.2020 10:54:16
host/kubuntu-lts.client.mpi-dortmund.mpg...@mpi-dortmund.mpg.de
(aes256-cts-hmac-sha1-96)
2 22.10.2020 10:54:16 RestrictedKrbHost/kubuntu-...@mpi-dortmund.mpg.de
(arcfour-hmac)
2 22.10.2020 10:54:16 RestrictedKrbHost/kubuntu-...@mpi-dortmund.mpg.de
(aes128-cts-hmac-sha1-96)
2 22.10.2020 10:54:16 RestrictedKrbHost/kubuntu-...@mpi-dortmund.mpg.de
(aes256-cts-hmac-sha1-96)
2 22.10.2020 10:54:16
RestrictedKrbHost/kubuntu-lts.client.mpi-dortmund.mpg...@mpi-dortmund.mpg.de
(arcfour-hmac)
2 22.10.2020 10:54:17
RestrictedKrbHost/kubuntu-lts.client.mpi-dortmund.mpg...@mpi-dortmund.mpg.de
(aes128-cts-hmac-sha1-96)
2 22.10.2020 10:54:17
RestrictedKrbHost/kubuntu-lts.client.mpi-dortmund.mpg...@mpi-dortmund.mpg.de
(aes256-cts-hmac-sha1-96)
root@kubuntu-lts:# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: KUBUNTU-LTS$@MPI-DORTMUND.MPG.DE
Valid starting Expires Service principal
29.10.2020 13:49:42 29.10.2020 23:49:42
krbtgt/mpi-dortmund.mpg...@mpi-dortmund.mpg.de
renew until 30.10.2020 13:49:42
root@kubuntu-lts:# mount -vvv -o
sec=krb5,multiuser,vers=3.0,username='KUBUNTU-LTS$' //FILESERVER/share
/mnt/test/
mount.cifs kernel mount options:
ip=X.X.X.X,unc=\\FILESERVER\share,sec=krb5,multiuser,vers=3.0,user=KUBUNTU-LTS$,pass=
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log
messages (dmesg)
The samba configuration for the smb share on FILESERVER has the UPN as valid
user:
[share]
path = /mnt/share
valid users = +"domain users", "KUBUNTU-LTS$"
force group = "domain users"
Hm, now I get a different return code =-13 in dmesg:
[87872.570848] fs/cifs/cifsfs.c: Devname: //FILESERVER/share flags: 0
[87872.570889] fs/cifs/connect.c: Username: KUBUNTU-LTS$
[87872.570894] fs/cifs/connect.c: file mode: 0755 dir mode: 0755
[87872.570897] fs/cifs/connect.c: CIFS VFS: in mount_get_conns as Xid: 82 with
uid: 0
[87872.570899] fs/cifs/connect.c: UNC: \\FILESERVER\share
[87872.570912] fs/cifs/connect.c: Socket created
[87872.570914] fs/cifs/connect.c: sndbuf 16384 rcvbuf 131072 rcvtimeo 0x6d6
[87872.580468] fs/cifs/fscache.c: cifs_fscache_get_client_cookie:
(0x2f2c35d1/0xbd141cbc)
[87872.580470] fs/cifs/connect.c: Demultiplex PID: 14724
[87872.580475] fs/cifs/connect.c: CIFS VFS: in cifs_get_smb_ses as Xid: 83 with
uid: 0
[87872.580476] fs/cifs/connect.c: Existing smb sess not found
[87872.580479] fs/cifs/smb2pdu.c: Negotiate protocol
[87872.580500] fs/cifs/transport.c: Sending smb: smb_len=106
[87872.585816] fs/cifs/connect.c: RFC1002 header 0xe0
[87872.585823] fs/cifs/smb2misc.c: SMB2 data length 96 offset 128
[87872.585823] fs/cifs/smb2misc.c: SMB2 len 224
[87872.585851] fs/cifs/transport.c: cifs_sync_mid_result: cmd=0 mid=0 state=4
[87872.585857] fs/cifs/misc.c: Null buffer passed to cifs_small_buf_release
[87872.585859] fs/cifs/smb2pdu.c: mode 0x1
[87872.585860] fs/cifs/smb2pdu.c: negotiated smb3.0 dialect
[87872.585863] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0xbb92
[87872.585864] fs/cifs/asn1.c: OID len = 7 oid = 0x1 0x2 0x348 0x1bb92
[87872.585865] fs/cifs/asn1.c: OID len = 10 oid = 0x1 0x3 0x6 0x1
[87872.585867] fs/cifs/connect.c: Security Mode: 0x1 Capabilities: 0x300047
TimeAdjust: 0
[87872.585868] fs/cifs/smb2pdu.c: Session Setup
[87872.585869] fs/cifs/smb2pdu.c: sess setup type 5
[87872.585873] fs/cifs/cifs_spnego.c: key description =