We need to mount CIFS shares on Isilon on linux clients using kerberos. I keep getting this error: "
# mount -t cifs //smartconnectzone_name.mydomain.com/share_name /test -v -o sec=krb5,username=myid,domain=mydomain
mount error(2): No such file or directory
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Checking kerberos , looks good
# kvno cifs/smartconnectzone_name.mydomain.com
firstname.lastname@example.org: kvno = 12
# smbclient -d 10 -k '//smartconnectzone_name.mydomain.com/share_name'
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server email@example.com
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_0] expiration Fri, 30 Oct 2015 21:15:30 EDT
ads_krb5_mk_req: Ticket (firstname.lastname@example.org) in ccache (FILE:/tmp/krb5cc_0) is valid until: (Fri, 30 Oct 2015 21:15:30 EDT - 1446254130)
Got KRB5 session key of length 16
SPNEGO login failed: NT_STATUS_NO_SUCH_FILE
lang_tdb_init: /usr/lib64/samba/en_US.UTF-8.msg: No such file or directory
session setup failed: NT_STATUS_NO_SUCH_FILE
Doing packet capture, I see "SMB session set up AndX: STATUS_NO_SUCH_FILE" error when it fails.
We have NFSv4 using krb5 working fine. The KDC is on our AD servers. we are on OneFS v184.108.40.206. I can map the CIFS share on a windows box fine.
Any ideas what we might have missed for the SMB mounts to work?
I did some testing with a colleague. After some configuration we where able to successfully mount a CIF share on a linux client. We also messed around with the krb5 keys and authentication and had no luck reproducing the error you are seeing.
We tracked down an SR, which I believe you had opened, as your name matched the person who opened the SR. I saw a suggestion to try and set up a virtual cluster and check to see if the same issues where occurring on that?
Regardless with the supplied information and the testing we have done, we are not able to reproduce this error while authenticating, it may be environmentally induced and would need to gather more information. For this I would like to have you open and SR:
To create a service request, you have a couple options:
1. Log in to your online account on support.emc.com and go to this page: https://support.emc.com/servicecenter/createSR
2. Call in to EMC Isilon Support at 1-800-782-4362 (For a complete local country dial list, please see this document: http://www.emc.com/collateral/contact-us/h4165-csc-phonelist-ho.pdf)
Shane, Yes, that is my SR...-
Yes building a virtual cluster is a good idea but that is taking us sometime on our side waiting for a test vmware cluster to be up. Users can not wait for us to build the virtual cluster so we need to get this working. We have followed the guide/white paper in setting this up, but no luck.
I am happy to give as much information as you guys require. As you can see on the SR, I have uploaded pcaps, logs etc.. Any help we can get to have this working is much appreciated.
Shane, here it is:
# cat /etc/samba/smb.conf
workgroup = mydomain
server string = Samba Server Version %v
security = ads
passdb backend = tdbsam
realm = mydomain.com
password server = ldapad.mydomain.com
client ntlmv2 auth = yes
kerberos method = secrets and keytab
log file = /var/log/samba/log.%m
max log size = 50
I just wanted to let you know that we have a few extra eyes on the issue, we're working with the current case owner of SR 74825994 investigating the issue and reviewing the info in the case. Along with gathering some new info.