[Bug 1130781] Re: Can't mount samba share with krb/multiuser at bootup in fstab

Steve Langasek steve.langasek at canonical.com
Thu Oct 3 07:05:13 UTC 2013 

> I'm not sure if it doesn't auto-mount due to clock skew or not,

Well, this is exactly the diagnosis given in the message you linked to.
So if it's clock skew, it must be a bad system clock, or a bad clock
value in your BIOS clock.

> if I login and manually mount at as root, then it works fine.

That's not surprising, if the clock is being set from NTP immediately
afterwards.  This could happen because the /etc/network/if-up.d/ntpdate
script which sets the clock also does this in the background, so if you
have a bad system clock and are getting the time from the network,
there's a race condition and the clock may not yet be set by the time
the attempt is made to mount the share.

> It's hard for me to troubleshoot this now as I was trying this in
> February & it is now October.  This machine has long ago been rebuilt.

I take this to mean that you're no longer able to reproduce the problem.
The contents of the ntp package do certainly indicate a race condition,
so there's a real bug; but without further information about why this
was causing problems for you specifically, the theory is that this only
happens with a broken BIOS clock, so is a low priority to fix.

** Package changed: mountall (Ubuntu) => ntp (Ubuntu)

** Changed in: ntp (Ubuntu)
   Importance: Undecided => Low

** Changed in: ntp (Ubuntu)
       Status: Incomplete => New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mountall in Ubuntu.
https://bugs.launchpad.net/bugs/1130781

Title:
  Can't mount samba share with krb/multiuser at bootup in fstab

Status in “ntp” package in Ubuntu:
  New

Bug description:
  I have the following setup:

  A samba server on Ubuntu 12.04, and a samba client on 12.04

  My fstab line looks as follows:
  //cifserver.mydomain.com/data	/data	cifs	cache=strict,sec=krb5,multiuser,acl,user=SERVERNAME$ 0 0

  The client name is: servername.mydomain.com
  The cifs server name is: cifserver.mydomain.com

  I'm using windbind with idmap_rid to enumerate uids & gids.

  I have joined both servers to the domain and created a krb5.keytab.

  After the system  has booted,  I can login as root via ssh key & run
  "mount /data" as root (no kerberos tickets) and the share WILL mount &
  work properly and I'm assigned a kerberos default:principal of
  servername$mydomain.com , a krbtgt & a cifs/server service ticket.  It
  works.  Multiuser permissions work as well (very cool).

  If I try to have this work via fstab, it does NOT work with the
  following cifs.upcall errors:

  > cifs.upcall: key description: cifs.spnego;0;0;3f000000;ver=0x2;host=cifserver.mydomain.com;ip4=10.1.5.16;sec=krb5;uid=0x0;creduid=0x0;user=SERVERNAME$;pid=0x2c7
  > cifs.upcall: ver=2
  > cifs.upcall: host=cifserver.mydomain.com
  > cifs.upcall: ip=10.1.5.16
  > cifs.upcall: sec=1
  > cifs.upcall: uid=0
  > cifs.upcall: creduid=0
  > cifs.upcall: user=SERVERNAME$
  > cifs.upcall: pid=711
  > cifs.upcall: krb5_get_init_creds_keytab: -1765328347
  > cifs.upcall: handle_krb5_mech: getting service ticket for cifs/cifserver.mydomain.com
  > cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
  > cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)
  > cifs.upcall: handle_krb5_mech: getting service ticket for host/cifserver.mydomain.com
  > cifs.upcall: cifs_krb5_get_req: unable to resolve (null) to ccache
  > cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328245)

  I've reported this to the linux kernel cifs list & it seems that the
  cifs share is trying to mount prior to the system being ready.

  For this reason I've assigned this to upstart.  If this should belong
  to another package, feel free to move it.  This is my best guess.

  Please see the final response/dermination here:
  http://article.gmane.org/gmane.linux.kernel.cifs/7832

  You can also see the thread here (sorry I don't know another way to show just this thread on the mailing list)
  First post: http://article.gmane.org/gmane.linux.kernel.cifs/7821
  second post: http://article.gmane.org/gmane.linux.kernel.cifs/7830
  Third post: http://article.gmane.org/gmane.linux.kernel.cifs/7831
  Fourth Post: http://article.gmane.org/gmane.linux.kernel.cifs/7832

  Thanks for looking into this.  If there is a more proper way/place to
  have auto-mounted cifs mounts with kerberos credentials mounted at
  startup, please advise.  I need this share up at boot even if nobody
  has logged in so that automated jobs & other services can run.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1130781/+subscriptions

More information about the foundations-bugs mailing list