Re: cifs.upcall requests ticket for wrong host when using dfs

From: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
To: Paulo Alcantara <pc@cjr.nz>,
	"linux-cifs@vger.kernel.org" <linux-cifs@vger.kernel.org>
Subject: Re: cifs.upcall requests ticket for wrong host when using dfs
Date: Fri, 3 Jan 2020 16:30:41 +0000	[thread overview]
Message-ID: <5260c45c-0a31-168d-f9db-83bb6bd4a2cf@prodrive-technologies.com> (raw)
In-Reply-To: <87png0boej.fsf@cjr.nz>

Hi Paulo,

On 03-01-2020 15:33, Paulo Alcantara wrote:
> Hi Martinj,
> 
> Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com> writes:
> 
>> I'm trying to switch from ntlpssp to kerbebos for mounting our dfs
>> shares. It seems to work, but only for 'older' kernel versions. Since we
>> are running debian 9 and 10, I'm testing this for both version. The
>> thing is that is seems to work when I run kernel 4.19.67, but not when
>> I'm running kernel 5.3.9.
>>
>> What I'm trying to do:
>> mount -t cifs //domain.com/common /mnt/common -o
>> rw,vers=3.0,sec=krb5,cruid=10003,username=mdg,uid=10003,gid=10276,addr=10.1.1.14,file_mode=0600,dir_mode=0700,nobrl,nohandlecache,user=mdg
>>
>> So far it works fine on 4.19, but not on 5.3. Because when I try to
>> travel into the directories (which are actually dfs pointers to the NAS
>> shares) I get permission denied.
>>
>> So far, I was able to track this down to cifs.upcall, because on kernel
>> 4.19 I see it tries to get a service ticket for the nas (cifs.upcall:
>> handle_krb5_mech: getting service ticket for nas01.domain.com). But on
>> kernel 5.3 it tries to get a ticket for the dc again: cifs.upcall:
>> handle_krb5_mech: getting service ticket for dc01.domain.com.
>>
>> What could be wrong here?
> 
> Could you please try it again with below commit:
> 
>        5bb30a4dd60e ("cifs: Fix retrieval of DFS referrals in cifs_mount()")

I tried kernel 5.4.6, including this fix, but still no luck:
[   25.825075] CIFS: Attempting to mount //domain.com/common
[   27.127925] CIFS VFS:  BAD_NETWORK_NAME: \\domain.com\common
[   31.406697] CIFS: Attempting to mount //DC01.domain.com/common/Pd_Std
[   31.414527] srv rsp padded more than expected. Length 98 not 73 for cmd:1 mid:1
[   31.414533] Status code returned 0xc000006d STATUS_LOGON_FAILURE
[   31.414537] CIFS VFS: \\DC01.domain.com Send error in SessSetup = -13
[   31.414544] CIFS VFS: cifs_mount failed w/return code = -13
[   31.414590] CIFS: Attempting to mount //DC01.domain.com/common/Pd_Std
[   31.422410] Status code returned 0xc000006d STATUS_LOGON_FAILURE
[   31.422416] CIFS VFS: \\DC01.domain.com Send error in SessSetup = -13
[   31.422423] CIFS VFS: cifs_mount failed w/return code = -13

Where 4.19 prints:
[  132.012498] CIFS: Attempting to mount //domain.com/common
[  132.183038] CIFS VFS: error -2 on ioctl to get interface list
[  132.344343] CIFS: Attempting to mount //nas01/common$/pd_std

> 
> Thanks,
> Paulo
> 

Regards, Martijn

-- 
Martijn de Gouw
Designer
Prodrive Technologies
Mobile: +31 63 17 76 161
Phone:  +31 40 26 76 200