The machine 192.168.96.24
is sharing C:\Shared
to user SomeAdmin
, and from a previous, not so clean but succesful attempt, we know that the following command should work:
mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose.
At this point however, with a PC configured for a different environment, it doesn't, and we're going to fix that.
apprentice@linux-pc:~$ mkdir ~/myShared
apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose
The program 'mount.cifs' is currently not installed. To run 'mount.cifs' please ask your administrator to install the package 'smbfs'
Obviously, we 're missing a package.
apprentice@linux-pc:~$ sudo apt-get install -y smbfs
<snip>
Setting up smbfs (2:3.4.7~dfsg-1ubuntu3.8) ...
apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose
mount error: could not resolve address for 192-168-96-24.winprogress.local: Name or service not known
No ip address specified and hostname not found
This looks like a nameserver issue, but the nameserver is outside of our reach.
We may yet have to install winbind
later on, but for now, we simply create in /etc/hosts
a line:
192.168.96.24 192-168-96-24.winprogress.local 192-168-96-24
.. and we try again:
apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose
mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24
mount error(1): Operation not permitted
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
This time, the problem is permissions: the ordinary user cannot use mount.cifs
: the binary needs to be suid-root.
apprentice@linux-pc:~$ sudo chmod u+s $(which mount.cifs) $(which umount.cifs)
apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose
mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
We need a Kerberos key, and we haven't done anything yet to obtain it.
apprentice@linux-pc:~$ kinit SomeAdmin@WINPROGRESS.LOCAL
SomeAdmin@WINPROGRESS.LOCAL's Password:
kinit: krb5_get_init_creds: unable to reach any KDC in realm WINPROGRESS.LOCAL
Well, as a matter of fact, the package heimdal-clients
is installed on the system.
If it hadn't been, the command kinit wouldn't even have been available.
But Kerberos certainly isn't configured for use with the experimental WINPROGRESS.LOCAL
realm.
We add a stanza under
[realms]
in /etc/krb5.conf
:
<snip> WINPROGRESS.LOCAL = { kdc = 192.168.127.201 192.168.127.202 admin_server = 192.168.127.201 192.168.127.202 } <snip>
and under
[libdefaults]
, we put:
<snip> default_realm = WINPROGRESS.LOCAL <snip>
Note | |
---|---|
We 're using IP numbers rather than hostnames, because the nameserving isn't working for the domain |
... now we retry:
apprentice@linux-pc:~$ kinit SomeAdmin@WINPROGRESS.LOCAL
SomeAdmin@WINPROGRESS.LOCAL's Password:
apprentice@linux-pc:~$ klist
Credentials cache: FILE:/tmp/krb5cc_7305
Principal: SomeAdmin@WINPROGRESS.LOCAL
Issued Expires Principal
Nov 23 13:20:18 Nov 23 23:20:18 krbtgt/WINPROGRESS.LOCAL@WINPROGRESS.LOCAL
apprentice@linux-pc:~$ mount.cifs //192-168-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5,netbiosname=192-168-96-24.winprogress.local --verbose
mount.cifs kernel mount options: unc=//192-168-96-24.winprogress.local\Shared,ver=1,domain=WINPROGRESS,user=SomeAdmin@WINPROGRESS.LOCAL,sec=krb5,netbiosname=192-168-96-24.winprogress.local,uid=7305,gid=7305,ip=192.168.96.24
apprentice@linux-pc:~$ mount -t cifs
//192-168-96-24.winprogress.local/Shared on /admin/apprentice/myShared type cifs (rw,mand,nosuid,nodev)
Note | |
---|---|
It appears that this also works:
|