HPE Community
Operating System - HP-UX
1837242 Members
4391 Online
110115 Solutions
New Discussion

CIFS problem

 
khilari
Regular Advisor

‎04-01-2008 07:00 AM

‎04-01-2008 07:00 AM

CIFS problem

Now the FS can be mounted and content is visible by the root user. However, any other user cannot even cd to the mount point. Interesting thing is that non-root user cannot even long list mount point; only ls on mntpt woks:


$ cd /mntpt
ksh: /mntpt: permission denied
$ cd /
$ ll mntpt
mntpt not found
$ ls
CDROM export mntpt test
HORCM home net tmp
KBR_Software iface opt tmp_mnt
bin krb5.conf oracle usr
cdrom lib root var
depot lost+found sapmnt
dev make_sys_image.log sbin
etc mapfile stand
$ id
uid=6207(ds285) gid=20(users)



Would you be able to tell what might be the cause for this.
I have confirmed with the WINTEL team that shared directory is fully open for access. The mntpt directory has 777 permission.

Looking forward to your replay.

Thank you in advance,
Dragana

_____________________________________________
From: Isler, Donald James
Sent: Monday, March 31, 2008 6:05 PM
To: Smiljkovic-Velickovi, Dragana
Cc: Khan, Mujtaba
Subject: RE: Issue with kinit and cifs connection to a WIN server

Hi Dragana,

Looks like the REALMS definition is wrong. Should be:
[realms]
KBRHPSAP.LOCAL = {
kdc = 34.76.193.50:88
admin_server= 34.76.193.50
}

Regards,

Don Isler

_____________________________________________
From: Smiljkovic-Velickovi, Dragana
Sent: Friday, March 28, 2008 0:53
To: Isler, Donald James
Cc: Khan, Mujtaba
Subject: Issue with kinit and cifs connection to a WIN server
Importance: High

Hi Don,

I am from one of the UNIX teams in HP Outsourcing Services in Canada.
Keng Wong has given me your name to contact you for help on issue we've been troubleshooting for few days already.

We want to get one drive from a WINTEL server mounted on a UNIX box but we are encountering problems with CIFS. Then someone suggested that the issue might be with Kerberos connection so Keng started to troubleshot this with us but with no success.

Below is krb5.cnf file we have. Looks like all entries are made correctly:

[libdefaults]
default_realm = KBRHPSAP.LOCAL
default_tkt_enctypes = DES-CBC-MD5
default_tgs_enctypes = DES-CBC-MD5
#default_keytab_name = "WRFILE:/etc/krb5.keytab"

[realms]
kbrhpsap.local = {
kdc = 34.76.193.50:88
admin_server= KBRHPSAP.LOCAL
}
[domain_realm]


[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log


Yet, we get error:

kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials

I don't know if we have provided correct value for the default_realm parameter . Would you be able explain what is this parameter; how to get it? It is not defined on the WINTEL server. What may be the cause for error we receive?
0 Kudos
Reply
4 REPLIES 4
Heironimus
Honored Contributor

‎04-01-2008 09:37 AM

‎04-01-2008 09:37 AM

Re: CIFS problem

Did you do a cifslogin as your non-root user?
0 Kudos
Reply
khilari
Regular Advisor

‎04-01-2008 09:50 AM

‎04-01-2008 09:50 AM

Re: CIFS problem

ya the problem was cifslogin. U have to do that for each user.. The whole process for each user. Make it on both sides , cifslogin and then cifsmount....
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎04-01-2008 10:19 AM

‎04-01-2008 10:19 AM

Re: CIFS problem

Shalom

software.hp.com
Has new version Kerberos client 1.3.4.1 and Pam Kerberos 1.24.

It might help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Neil Stichbury
Occasional Advisor

‎04-12-2008 01:08 AM

‎04-12-2008 01:08 AM

Re: CIFS problem

Another possible option to cifslogin of each user is to have one user cifslogin and then pre-stage files to be uploaded to the mount location. Cronjob or similar can then do the work. Depends what your needs are.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.