Bug 1994 - smbmount fails with kerberos, smbclient works
smbmount fails with kerberos, smbclient works
Status: RESOLVED WONTFIX
Product: Samba 3.0
Classification: Unclassified
Component: smbmount (unmaintained)
3.0.7
All Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-04 08:22 UTC by Rob Ristroph
Modified: 2004-11-05 11:27 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Rob Ristroph 2004-11-04 08:22:46 UTC
I am using samba 3.0.7 on Redhat 9, installed from the rpms downloaded from
samba.org.  I recompiled the kernel and upgraded samba, otherwise the OS should
be RedHat 9.  The output of uname -a is:

Linux airlink-if.owt.net 2.4.21 #4 Mon Dec 29 15:05:56 CST 2003 i686 i686 i386
GNU/Linux

I attempting to mount a directory shared by a Windows Active Directory machine.
 I looked at the HOWTO and other information and set up kerberos.

If I use the command "smbclient -k //computer-name/share" it will let me into
the directory without asking for a password.  I have to do kinit
username@REALM.COM first, and I have to re-do that after a certain period of
time.  From all this I draw the conclusion that kerberos is working.

However, I cannot smbmount the directory:

#  mount -t smbfs //computer-name/share /mnt -o krb
Warning: kerberos support will only work for samba servers
Anonymous login successful
19628: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed
# 
# smbmount //computer-name/share /mnt -o krb
Warning: kerberos support will only work for samba servers
Anonymous login successful
19629: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed
#

I don't believe the "Access denied" message is from configuration on the other
end, because I can get in with smbclient.

I have also tried putting the username and password in the options,
and leaving off krb, putting the workgroup in there, and just about
every other thing I could think of.
Comment 1 Guenther Deschner 2004-11-04 09:06:24 UTC
If the remote side is not a Samba server (hint: "Warning: kerberos support will
only work for samba servers"), this cannot work because Windows won't map
NT_STATUS_MORE_PROCESSING_REQUIRED to a 16bit status code smbmount requires
(only samba does that).

Apart from that, smb signing might be required (it's default on Windows 2003)
and smbmount does not implement it (and most probably never will do).

Of course, you could "mount -t cifs" a try.
Comment 2 Rob Ristroph 2004-11-04 09:31:04 UTC
I noted the warning about the remote side not being a samba server; however,
smbclient does work.  Why shouldn't smbmount be able to do whatever smbclient does ?

I will have to compile the cifs module for my 2.4 kernel.  I will follow up with
the results from that here.
Comment 3 Guenther Deschner 2004-11-05 03:46:21 UTC
smbmount/smbmnt are just helper-applications for the kernel-module smbfs. smbfs
and smbclient differ a lot.
Comment 4 Rob Ristroph 2004-11-05 11:21:31 UTC
(In reply to comment #3)
> smbmount/smbmnt are just helper-applications for the kernel-module smbfs. smbfs
> and smbclient differ a lot.

I compiled, installed, and tried the cifs module.  It didn't work; I'll
investigate further and collect some log messages and post on the newsgroups
before submitting a bug report, should I find one.

I am currently using a cronjob which runs a script that runs smbclient to solve
my immediate problem.  

If smbclient works, then perhaps I could write a kernel module similar to ftpfs
or sshfs, which would use the protocol from smbclient to emulate a filesystem,
just as ftpfs uses the protocol from ftp to emulate a filesystem.  I could even
call it "smbfs".

I don't mean to sound like a smart-aleck, but if there is code in smbclient that
works, and smbfs doesn't work, you can't exactly blame Microsoft.
Comment 5 Gerald (Jerry) Carter 2004-11-05 11:27:04 UTC
smbfs is not supported nor maintained bythe Samba team.  You need 
to talk the the kernel fs maintainer.  There's also a cifs-linux 
client list if you need support for the cifs fs.  As well as 
a separate bugzilla component (outside of Samba) for filing bugs.