[Sans] Kerberos / CIFS / nethz
Mosebach Kai
kai.mosebach at bsse.ethz.ch
Wed Sep 1 10:46:33 CEST 2010
Hi Nico,
what does
klist -kte
give you? And if it contains "(DES cbc mode ..." then are you aware of the W2008R2 moves going on?
Quote : "WICHTIG:
Am 15. Oktober 2010 wird auf allen Domänen Kontroller die DES
Verschlüsselung, per GPO vorübergehend, bis am 31.3.2011 aktiviert."
Best Kai
On 9/1/10 10:17 AM, "Nico Schottelius" <nico.schottelius at inf.ethz.ch> wrote:
Good morning sysadmins,
I'm currently in contact with ID to get the cifs mount working
from nas-nethz-users.d.ethz.ch using
root at sgv-ubuntu-01:~# mount -t cifs -w -o sec=krb5,user=nicosc,domain=d.ethz.ch,uid=0,gid=0 '//nas-nethz-users.d.ethz.ch/share-n-$' /mnt
though still without success, although the kerberos tickets seem to available:
root at sgv-ubuntu-01:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nicosc at D.ETHZ.CH
Valid starting Expires Service principal
08/30/10 17:52:10 08/31/10 03:52:13 krbtgt/D.ETHZ.CH at D.ETHZ.CH
renew until 09/06/10 17:52:10
08/30/10 17:52:52 08/31/10 03:52:13 cifs/nas-nethz-users.d.ethz.ch at D.ETHZ.CH
renew until 09/06/10 17:52:10
If anyone of you had success or knows someone who had success in mounting
the cifs home via kerberos, please let me know.
If you're interested in getting that stuff to work, a ping would also be
great, because ID is quite unaware of any possible users and presumably
not very motivated if only one party is interested.
Cheers,
Nico
--
Systems Group Sysadmin Tel: +41 (0) 44 632 76 09 D-INFK/ETH Zurich
More information about the Sans
mailing list