That's as far as I got. Let's see what works, and what doesn't...
works partly::
apprentice@linux-pc:~$ sudo mount.cifs //cemc7.winprogress.local/fs_wpd03/UWP2.0 /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL'
I can mount and EMC CIFS share with unspecified authentication protocol, meaning that it's probably using some kind of NTLM. I can't write to the share, but that may be a permission problem.
Doesn't work:
apprentice@linux-pc:~$ sudo mount.cifs //cemc7.winprogress.local/fs_wpd03/UWP2.0 /admin/apprentice/myShared -o domain=WINPROGRESS,user='SomeAdmin@WINPROGRESS.LOCAL',sec=krb5
mount error(5): Input/output error
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
I can't mount the EMC CIFS share with 'krb5' authentication.
works:
apprentice@linux-pc:~$ sudo wbinfo -u
guest
administrator
krbtgt
<snip>
SomeAdmin
When asking, we get the user list from the domain.
works:
apprentice@linux-pc:~$ kgetcred host/192-168-96-24.winprogress.local
works:
apprentice@linux-pc:~$ mount.cifs //winprogress.local/uwp2.0 /admin/apprentice/myShared -o domain=WINPROGRESS,user='Bokma',ro,sec=ntlmi --verbose
It is apparently at least ntlmi
authentication that works with a DFS share.
It is only sometimes that I can write to the share though.
This could have to do with one of the two AD servers categorically refusing any DFS traffic.
works
apprentice@linux-pc:~$ mount.cifs //129-125-96-24.winprogress.local/Shared /admin/apprentice/myShared -o domain=WINPROGRESS,user='Bokma',sec=krb5 --verbose
A plain CIFS share on a plain Windows box can be accessed using Kerberos authentication of the krb5i
variant.
doesn't work:
apprentice@linux-pc:~$ mount.cifs //winprogress.local/uwp2.0 /admin/apprentice/myShared -o domain=WINPROGRESS,user=Bokma,sec=krb5i,ro --verbose
The DFS share cannot be accessed using krb5i authentication.