Created attachment 18600 [details] kernel log I was investigating why krb5 cannot work with multichannel.... >mount.cifs -o cruid=$UID,multiuser,sec=krb5,vers=3.11,max_channels=4,mfsymlinks -v //DS1621.samdom.mdi.bar/home /media When I checked the kernel console log output, I found the "host" was missing in cifs_spnego.c in the second channel and it may be the cause of the failed multichannel attempt. >grep cifs_spnego trace.log >[93449.717945] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=DS1621.samdom.mdi.bar;ip4=10.112.122.121;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x8438d >[93449.800927] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=DS1621.samdom.mdi.bar;ip4=10.112.122.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.853222] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.916213] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.922099] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.927251] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.932294] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.937267] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.942285] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d >[93449.947636] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x8438d
mount.cifs version: 7.0 filename: /lib/modules/6.8.12-8-pve/kernel/fs/smb/client/cifs.ko softdep: gcm softdep: ccm softdep: aead2 softdep: sha512 softdep: sha256 softdep: cmac softdep: aes softdep: nls softdep: md5 softdep: hmac softdep: ecb version: 2.47 description: VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and also older servers complying with the SNIA CIFS Specification) license: GPL author: Steve French alias: smb3 alias: fs-smb3 alias: fs-cifs srcversion: 423DF052649288F0218A8B4 depends: cifs_md4,netfs,ib_core,rdma_cm,nls_ucs2_utils,cifs_arc4 retpoline: Y intree: Y name: cifs vermagic: 6.8.12-8-pve SMP preempt mod_unload modversions sig_id: PKCS#7 signer: Build time autogenerated kernel key sig_key: 3E:29:1E:02:41:9D:67:AE:03:01:1F:A8:C3:6A:5E:4C:E9:DE:ED:F6 sig_hashalgo: sha512
Tried on newer version of mount.cifs and cifs.ko ... still the same empty host after the first channel >$ grep key trace.log >[ 1487.558989] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=DS1621.samdom.mdi.bar;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x626 >[ 1487.567705] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.585459] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=DS1621.samdom.mdi.bar;ip4=192.168.221.121;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.623936] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.222.38;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.651379] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.659447] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip6=fd00:8c70:7afe:0000:063f:72ff:feb8:80ff;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.685691] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.693908] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.222.38;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.693918] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.702626] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip6=fd00:8c70:7afe:0000:063f:72ff:feb8:80ff;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.702636] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.711020] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.222.38;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.711029] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.720305] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip6=fd00:8c70:7afe:0000:063f:72ff:feb8:80ff;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.720316] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.729524] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip4=192.168.222.38;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.729529] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.736037] CIFS: fs/smb/client/cifs_spnego.c: key description = ver=0x2;host=;ip6=fd00:8c70:7afe:0000:063f:72ff:feb8:80ff;sec=krb5;uid=0x0;creduid=0x230c3338;user=root;pid=0x626 >[ 1487.736048] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed >[ 1487.747373] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installed mount.cifs version: 7.1 filename: /lib/modules/6.12.17-amd64/kernel/fs/smb/client/cifs.ko.xz softdep: gcm softdep: ccm softdep: aead2 softdep: sha512 softdep: sha256 softdep: cmac softdep: aes softdep: nls softdep: md5 softdep: hmac softdep: ecb version: 2.51 description: VFS to access SMB3 servers e.g. Samba, Macs, Azure and Windows (and also older servers complying with the SNIA CIFS Specification) license: GPL author: Steve French alias: smb3 alias: fs-smb3 alias: fs-cifs srcversion: EB449FCA146DF2237E7AEB4 depends: netfs,dns_resolver,cifs_arc4,cifs_md4,nls_ucs2_utils intree: Y name: cifs retpoline: Y vermagic: 6.12.17-amd64 SMP preempt mod_unload modversions sig_id: PKCS#7 signer: Build time autogenerated kernel key sig_key: 34:25:9B:2D:32:DE:9D:10:3E:44:AD:5F:E5:C5:4D:CF:BD:A2:E8:19 sig_hashalgo: sha256
Created attachment 18604 [details] Patch for cifs kernel client
Yes, you are correct. hostname was not getting populated resulting in failure to establish channels in case of Kerberos. This patch will help to resolve the issue. Please take a look. smb: fix secondary channel creation issue with kerberos by populating hostname when adding channels When mounting a share with kerberos authentication with multichannel support, the share mounts correctly, but fails to create secondary channels. This occurs because the hostname is not populated when adding the channels. The hostname is necessary for the userspace cifs.upcall program to retrieve the required credentials and pass it back to kernel, without hostname secondary channels fails establish. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15824 Signed-off-by: Bharath SM <bharathsm@microsoft.com> Reported-by: xfuren <xfuren@gmail.com> diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c index 3216f7869..3b01b4445 100644 --- a/fs/smb/client/sess.c +++ b/fs/smb/client/sess.c @@ -554,8 +554,7 @@ cifs_ses_add_channel(struct cifs_ses *ses, ctx->domainauto = ses->domainAuto; ctx->domainname = ses->domainName; - /* no hostname for extra channels */ - ctx->server_hostname = ""; + ctx->server_hostname = ses->server->hostname; ctx->username = ses->user_name; ctx->password = ses->password;