[Pkg-samba-maint] Bug#826017: samba: Unable to mount Kerberos authentication network shares from Nautilus
Chris Steenwyk
chris.steenwyk at gentex.com
Wed Jun 1 12:54:02 UTC 2016
Package: samba
Version: 2:4.2.10+dfsg-0+deb8u2
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
When using Samba 4.2.10 (and associated libraries) I am no longer able to
authenticate to network shares that have kerberos authentication using Nautilus
or another file manager. Specifically, if I enter "smb://<server>" I can see
the shares but when I try to mount a share I enter a continuous prompt for
proper password credentials.
* What exactly did you do (or not do) that was effective (or
ineffective)?
We tried mounting the share using the "mount" command and fstab, both of which
worked. We tired other file managers than naufilus, those did not work. We are
able to mount some other network shares that have authentication methods other
than kerberos. I also tried samba 4.4.3 under debian testing and that did work.
Finally downgrading to samba 4.1.14 also works using the following commands:
# aptitude install samba=2:4.1.17+dfsg-2+deb8u2 samba-
common=2:4.1.17+dfsg-2+deb8u2 samba-libs=2:4.1.17+dfsg-2+deb8u2
smbclient=2:4.1.17+dfsg-2+deb8u2 python-samba=2:4.1.17+dfsg-2+deb8u2 samba-
common-bin=2:4.1.17+dfsg-2+deb8u2 samba-libs=2:4.1.17+dfsg-2+deb8u2 samba-dsdb-
modules=2:4.1.17+dfsg-2+deb8u2 samba-vfs-modules=2:4.1.17+dfsg-2+deb8u2
libsmbclient=2:4.1.17+dfsg-2+deb8u2 samba-libs=2:4.1.17+dfsg-2+deb8u2
libldb1=2:1.1.17-2+deb8u1 python-ldb=2:1.1.17-2+deb8u1
libwbclient0:amd64=2:4.1.17+dfsg-2+deb8u2
* What was the outcome of this action?
In general it appears the issue is related to mounting a kerberos authenticated
network share using the GUI.
* What outcome did you expect instead?
We expected the shares to mount
Below is a copy of a log entry showing what happens when I attempt to
authenticate. I've replaced sensitive information in <> blocks
-- System Information:
Debian Release: 8.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages samba depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.26
ii libbsd0 0.7.0-2
ii libc6 2.19-18+deb8u4
ii libhdb9-heimdal [heimdal-hdb-api-8] 1.6~rc2+dfsg-9
ii libldb1 2:1.1.20-0+deb8u1
ii libpam-modules 1.1.8-3.1+deb8u1+b1
ii libpam-runtime 1.1.8-3.1+deb8u1
ii libpopt0 1.16-10
ii libpython2.7 2.7.9-2
ii libtalloc2 2.1.2-0+deb8u1
ii libtdb1 1.3.6-0+deb8u1
ii libtevent0 0.9.25-0+deb8u1
ii lsb-base 4.1+Debian13+nmu1
ii multiarch-support 2.19-18+deb8u4
ii procps 2:3.3.9-9
ii python 2.7.9-1
ii python-dnspython 1.12.0-1
ii python-ntdb 1.0-5
ii python-samba 2:4.2.10+dfsg-0+deb8u2
pn python2.7:any <none>
ii samba-common 2:4.2.10+dfsg-0+deb8u2
ii samba-common-bin 2:4.2.10+dfsg-0+deb8u2
ii samba-dsdb-modules 2:4.2.10+dfsg-0+deb8u2
ii samba-libs 2:4.2.10+dfsg-0+deb8u2
ii tdb-tools 1.3.6-0+deb8u1
ii update-inetd 4.43
Versions of packages samba recommends:
ii attr 1:2.4.47-2
ii logrotate 3.8.7-1+b1
ii samba-vfs-modules 2:4.2.10+dfsg-0+deb8u2
Versions of packages samba suggests:
pn bind9 <none>
pn bind9utils <none>
pn ctdb <none>
pn ldb-tools <none>
pn ntp <none>
pn smbldap-tools <none>
ii winbind 2:4.2.10+dfsg-0+deb8u2
-- no debconf information
*** /home/WONDERLAN/chris.steenwyk/Desktop/log
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB:
g_vfs_backend_smb_init: default workgroup = 'NULL'
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: do_mount - URI =
smb://<SERVER>/<SHARE>
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: do_mount - try #0
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: auth_callback -
anonymous pass
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: auth_callback - out:
last_user = '<USERNAME>', last_domain = '<DOMAIN>'
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: gss_init_sec_context failed
with [ Miscellaneous failure (see text): Server (cifs/<SERVER>@<DOMAIN>)
unknown]
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: do_mount -
[smb://<SERVER>/<SHARE>; 0] res = -1, cancelled = 0, errno = [13] 'Permission
denied'
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: do_mount - after anon,
enabling NTLMSSP fallback
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: do_mount - try #1
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: auth_callback - normal
pass
Jun 1 08:49:51 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: auth_callback - asking
for password...
Jun 1 08:49:58 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: auth_callback - out:
last_user = '<USERNAME>', last_domain = '<DOMAIN>'
Jun 1 08:49:58 g5053 org.gtk.vfs.Daemon[2837]: gss_init_sec_context failed
with [ Miscellaneous failure (see text): Server (cifs/<SERVER>@<DOMAIN>)
unknown]
Jun 1 08:49:58 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: do_mount -
[smb://<SERVER>/<SHARE>; 1] res = -1, cancelled = 0, errno = [1] 'Operation not
permitted'
Jun 1 08:49:58 g5053 org.gtk.vfs.Daemon[2837]: ### SMB: do_mount - try #2
More information about the Pkg-samba-maint
mailing list