I'm trying to mount shares on Ubuntu using Kerberos authentication, after logging using an AD account, klist outputs the following
Ticket cache: FILE:/tmp/krb5cc_1320813139_Ipmgx6Default principal: XXXX@XXX.GRPValid starting Expires Service principal06.09.2022 14:15:58 07.09.2022 00:15:58 krbtgt/XXXX.GRP@XXX.GRP renew until 07.09.2022 14:15:58I can also list the shares using smbclient -k -L XXXX.com.
I'm using this script to do the mounting:
#!/bin/bashuser=$(whoami)cruid=$(whoami)gid=$(id -g $user)uid=$(id -u $user)sudo mkdir /home/testsudo mount --verbose -t cifs -o user=$user,cruid=$user,sec=krb5,gid=$gid,uid=$uid,vers=3.0 //XXX.com/XXXX /home/testit outputs the following error: :q
mount error(126): Required key not availablehere is a look into /var/log/syslog
Sep 6 14:21:36 anis-VM kernel: [ 8682.404967] CIFS: Attempting to mount \\XXX.com\XXXSep 6 14:21:36 anis-VM cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=XXX.com;ip4=10.130.0.16;sec=krb5;uid=0x4eba0253;creduid=0x4eba0253;user=xxx@xxx.GRP;pid=0x1658Sep 6 14:21:36 anis-VM cifs.upcall: ver=2Sep 6 14:21:36 anis-VM cifs.upcall: host=xxxx.comSep 6 14:21:36 anis-VM cifs.upcall: ip=10.130.0.16Sep 6 14:21:36 anis-VM cifs.upcall: sec=1Sep 6 14:21:36 anis-VM cifs.upcall: uid=1320813139Sep 6 14:21:36 anis-VM cifs.upcall: creduid=1320813139Sep 6 14:21:36 anis-VM cifs.upcall: user=xxx@xxx.GRPSep 6 14:21:36 anis-VM cifs.upcall: pid=5720Sep 6 14:21:36 anis-VM cifs.upcall: get_cachename_from_process_env: pathname=/proc/5720/environSep 6 14:21:36 anis-VM cifs.upcall: get_cachename_from_process_env: cachename = FILE:/tmp/krb5cc_1320813139_Ipmgx6Sep 6 14:21:36 anis-VM cifs.upcall: get_existing_cc: default ccache is FILE:/tmp/krb5cc_1320813139_Ipmgx6Sep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: getting service ticket for xxxx.comSep 6 14:21:36 anis-VM cifs.upcall: cifs_krb5_get_req: unable to get credentials for xxxx.comSep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)Sep 6 14:21:36 anis-VM cifs.upcall: ip_to_fqdn: resolved 10.130.0.16 to xxxx.comSep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: getting service ticket for xxx.comSep 6 14:21:36 anis-VM cifs.upcall: cifs_krb5_get_req: unable to get credentials for xxx.comSep 6 14:21:36 anis-VM cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)Sep 6 14:21:36 anis-VM cifs.upcall: Unable to obtain service ticketSep 6 14:21:36 anis-VM cifs.upcall: Exit status -1765328377Sep 6 14:21:36 anis-VM kernel: [ 8682.430729] CIFS: VFS: Verify user has a krb5 ticket and keyutils is installedSep 6 14:21:36 anis-VM kernel: [ 8682.430771] CIFS: VFS: \\xxx.com Send error in SessSetup = -126Sep 6 14:21:36 anis-VM kernel: [ 8682.430864] CIFS: VFS: cifs_mount failed w/return code = -126I tried everything, nothing seems to fix this problem, can someone help me even with an idea?