Re: Kerberized mount.cifs with SMB>1?

[Jurjen Bokma <j.bokma-39IHFo8E5E0@public.gmane.org>]

On 10/20/2014 06:24 PM, steve wrote:
> On 19/10/14 22:48, Jurjen Bokma wrote:
>> On 10/19/2014 10:42 PM, steve wrote:
>>> On 19/10/14 22:30, Jurjen Bokma wrote:
>>>
>>>> So I would very much like to use SMB3 to get to the Windows file
>>>> servers. Kerberized SMB1 worked like a charm. Speed/bandwidth is not
>>>> really the issue here.
>>>>
>>> Yeah, of course. Never knew there was any security involved. Worrying.
>> Did you ever have SMB3 working Kerberized? If I know it's supposed to
>> work, I'll give up less easily.
>>
> Hi
> We have everything default. We'd no idea that smb3 existed until this
> thread. Anyway, it doesn't work here either:
> CIFS VFS: cifs_mount failed w/return code = -128
> I think the Kerberos has worked because that codes means that the ticket
> has expired, except it hasn't because removing vers=3.0 mounts fine.
> But we don't know if our Samba4 file servers are capable of it anyway. I
> think we'd have to change something in smb.conf.
Maybe to serve SMB3. Max protocol comes to mind. But editing smb.conf is
not likely necessary to merely mount a share I presume? IME mount.cifs +
Kerberos will work once krb5.conf and request-key are properly
configured, regardless of the smb.conf on the client.
I did fiddle a bit with /proc/fs/cifs/* though.

> Maybe the devs will look if you bugzilla it?
Will try. But first I'll take a look myself, lest I don't know what to ask.

Thx so far!
Jurjen