| View previous topic :: View next topic |
| Author |
Message |
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
 Posted: Tue Nov 17, 2009 9:30 am Post subject: Unable to mount a DFS share with CIFS [solved] |
 |
|
Dear users,
I am trying to mount a DFS (Distributed File System) share with CIFS. The server has Windows Server 2003 installed.
On my Gentoo box, I am currently running kernel 2.6.30-gentoo-r5 and samba-libs/samba-client-3.4.3:
| Code: |
net-fs/samba-libs-3.4.3-r1 USE="ads cups examples ldap netapi%* pam smbclient%* smbsharemodes%* -addns% -aio -caps -cluster -debug -ldb% -samba4% -syslog -tools% -winbind"
net-fs/samba-client-3.4.3 USE="ads cups ldap -aio -avahi -caps -cluster -debug -minimal -samba4% -syslog -winbind -zeroconf"
|
(with the patch from bug https://bugs.gentoo.org/289797). I have also tried the older version 3.3.9 and sys-fs/mount-cifs, neither of them worked.
My kernel is compiled with:
| Quote: |
CONFIG_CIFS=y
# CONFIG_CIFS_STATS is not set
# CONFIG_CIFS_WEAK_PW_HASH is not set
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_DEBUG2=y
CONFIG_CIFS_EXPERIMENTAL=y
|
I am able to mount the physical locations within the share:
| Code: |
mount.cifs //share.test.tld/users$ /mnt -o user=Me,dom=DOM
|
However, trying to mount the DFS share itself:
| Code: |
mount.cifs //dfs.share.test.tld/public /mnt -o user=Me,dom=DOM
|
the mount fails with:
| Quote: |
mount.cifs kernel mount options: unc=//dfs.share.test.tld\public,domain=DOM,ver=1,user=ME,,,,,,ip=10.0.0.71,pass=********
mount error(95): Operation not supported
Refer to the mount.cifs(8 ) manual page (e.g. man mount.cifs)
|
From dmesg|tail:
| Quote: |
CIFS VFS: cifs_mount failed w/return code = -95
|
I have tried different security settings (sec=ntlmv2, etc.), signing, played around with /proc/fs/cifs/SecurityFlags, but none led to a succes.
However, I am able to access the mount with smbclient:
| Code: |
smbclient //dfs.share.test.tld/public -U DOM/ME
|
From what I understand from my searches on the internet is that DFS mounts were problematic at best, but it seemed to be solved in 2007. Yet I cannot get it to work.
Does anyone have any hints?
Thanks in advance!
Zwartoog
_________________
The box said "Requires Windows 95 or better", so I installed Linux.
Last edited by Zwartoog on Thu Jan 28, 2010 9:19 am; edited 1 time in total |
|
| Back to top |
|
 |
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Mon Jan 25, 2010 9:31 pm Post subject: |
|
|
Did you get anywhere with this?
If I mount as root I do not get the operation not supported it just does not traverse the dfs links.
I get errors like
| Code: | jdrescher@datastore3 ~/net_dfs $ ls -al
ls: cannot read symbolic link DataAnalysis: Object is remote
ls: cannot read symbolic link Testing: Object is remote
total 6
drwxr-xr-x 6 root Domain Users 0 Oct 27 13:52 .
drwx--S--- 76 jdrescher Domain Users 6608 Jan 25 16:12 ..
lrwxrwxrwx 1 root root 31 Oct 21 16:15 DataAnalysis
drwxr-xr-x 2 root Domain Users 0 Aug 20 11:23 SystemLinks
lrwxrwxrwx 1 root root 26 Oct 27 13:52 Testing
drwxr-xr-x 4 root root 0 Apr 30 2008 Users
drwxr-xr-x 4 root Domain Users 0 Apr 30 2008 images
drwxr-xr-x 3 root Domain Users 0 Jul 21 2009 other
jdrescher@datastore3 ~/net_dfs $ cd Testing
bash: cd: Testing: Object is remote
|
And like you smbclient works
| Code: | datastore3 log # smbclient //192.168.1.6/net-dfs-root -U jdrescher
Enter jdrescher's password:
Domain=[RADIMG] OS=[Unix] Server=[Samba 3.0.37]
smb: \> ls
. D 0 Tue Oct 27 13:52:46 2009
.. D 0 Wed Apr 30 12:15:34 2008
images D 0 Wed Apr 30 12:17:23 2008
SystemLinks D 0 Thu Aug 20 11:23:59 2009
Users D 0 Wed Apr 30 15:53:17 2008
other D 0 Tue Jul 21 18:40:35 2009
DataAnalysis D 0 Wed Oct 21 16:15:39 2009
Testing D 0 Tue Oct 27 13:52:46 2009
59051 blocks of size 1048576. 14595 blocks available
smb: \> cd Testing
smb: \Testing\> ls
. D 0 Thu Oct 29 17:46:01 2009
.. D 0 Tue Oct 27 14:12:57 2009
Jun D 0 Wed Nov 11 14:49:55 2009
John D 0 Thu Jan 21 12:18:31 2010
38398 blocks of size 33553920. 4003 blocks available
smb: \Testing\> exit
|
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Mon Jan 25, 2010 11:28 pm Post subject: |
|
|
Fixed. I needed to upgrade my kernel from 2.6.27-ovz. I installed gentoo-sources-2.6.32-r2 and all was well.
| Code: |
jdrescher@datastore3 ~/net_dfs $ ls
DataAnalysis SystemLinks Testing Users images other
jdrescher@datastore3 ~/net_dfs $ ls -al
total 6
drwxr-xr-x 6 root Domain Users 0 Oct 27 13:52 .
drwx--S--- 76 jdrescher Domain Users 6608 Jan 25 18:25 ..
drwxr-xr-x 2 root root 0 Oct 22 00:29 DataAnalysis
drwxr-xr-x 2 root Domain Users 0 Aug 20 11:23 SystemLinks
drwxrwsr-x 4 root Domain Users 0 Oct 29 17:46 Testing
drwxr-xr-x 4 root root 0 Apr 30 2008 Users
drwxr-xr-x 4 root Domain Users 0 Apr 30 2008 images
drwxr-xr-x 3 root Domain Users 0 Jul 21 2009 other
jdrescher@datastore3 ~/net_dfs $ cd Testing/
jdrescher@datastore3 ~/net_dfs/Testing $ ls
John Jun
jdrescher@datastore3 ~/net_dfs/Testing $ ls -al
total 0
drwxrwsr-x 4 root Domain Users 0 Oct 29 17:46 .
drwxr-xr-x 6 root Domain Users 0 Oct 27 13:52 ..
drwxrwsr-x 3 mgwsu Domain Users 0 Jan 21 12:18 John
drwxrwsr-x 8 jtan Domain Users 0 Nov 11 14:49 Jun
jdrescher@datastore3 ~/net_dfs/Testing $ cd J
John/ Jun/
jdrescher@datastore3 ~/net_dfs/Testing $ cd Jun/
jdrescher@datastore3 ~/net_dfs/Testing/Jun $ |
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
| Posted: Wed Jan 27, 2010 1:30 pm Post subject: |
|
|
Hi drescherjm! Glad to hear everything is working now!
Unfortunately, it still does not for me. Today I have upgraded to 2.6.32-r2 and samba 3.5.0-rc2. Mounting the DFS goes without errors, but the (DFS) shared directories on the server are still empty (no error messages are given).
I have tried to use the samba4 use-flag without success. Searching the internet again learned me that the problem is frequently occuring, but all were solved by installing keyutils and updating /etc/request-key.conf with:
create cifs.spnego * * /usr/sbin/cifs.upcall %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
Unfortunately, not for me...
If anyone has an idea on how to research this problem, I am happy to hear about it.
_________________
The box said "Requires Windows 95 or better", so I installed Linux. |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Wed Jan 27, 2010 1:38 pm Post subject: |
|
|
I am using samba-3.0.37 on most of the dfs mounts including the dfs root. I am not sure if I tried connecting to the one server in the dfs that is samba 3.4.5. The samba dfs root is also 2.6.32 but that is vserver-sources. With the client being gentoo sources. The client is the machine that has samba-3.4.5. I did not mess with any /etc files. My network has samba pdcs and openldap. With no windows servers but windows and linux cifs clients.
I know this sounds complicated. Hopefully this can help you..
There was one change I had to make since I have been forced to not having a dns server (company network security police  ) was I had to replace the UNC names with ipaddresses in the dns root.
| Code: | fileserv network_dfs_root # ls -al
total 24
drwxr-xr-x 6 root Domain Users 4096 Jan 27 08:37 .
drwxr-xr-x 5 root root 4096 Apr 30 2008 ..
lrwxrwxrwx 1 root root 31 Oct 21 16:15 DataAnalysis -> msdfs:192.168.1.33\DataAnalysis
drwxr-xr-x 2 root Domain Users 4096 Aug 20 11:23 SystemLinks
lrwxrwxrwx 1 root root 26 Oct 27 13:52 Testing -> msdfs:192.168.1.32\Testing
drwxr-xr-x 4 root root 4096 Apr 30 2008 Users
drwxr-xr-x 4 root Domain Users 4096 Apr 30 2008 images
-rw-r--r-- 1 root root 0 Jan 27 08:37 msdfs:192.168.1.32Testing
-rw-r--r-- 1 root root 0 Jan 27 08:37 msdfs:192.168.1.33DataAnalysis
drwxr-xr-x 3 root Domain Users 4096 Jul 21 2009 other
fileserv network_dfs_root # cd images/clean/Lung/
fileserv Lung # ls -al
total 12
drwxr-xr-x 3 root Domain Users 4096 Jan 27 07:56 .
drwxr-xr-x 5 root Domain Users 4096 Sep 18 15:59 ..
lrwxrwxrwx 1 root root 34 Jan 12 17:27 AirwayAnalysis -> msdfs://192.168.1.6/AirwayAnalysis
lrwxrwxrwx 1 root root 26 Dec 18 12:39 Asthma -> msdfs://192.168.1.6/Asthma
lrwxrwxrwx 1 root root 30 Jan 25 19:17 COPD_GENE -> msdfs://192.168.1.32/COPD_GENE
lrwxrwxrwx 1 root root 36 Dec 10 12:53 Fissure_Integrity -> msdfs:192.168.1.33/Fissure_Integrity
lrwxrwxrwx 1 root root 29 Jan 25 19:16 HIV_COPD -> msdfs://192.168.1.31/hiv_copd
drwxr-xr-x 2 root Domain Users 4096 Oct 28 15:41 LTRC
lrwxrwxrwx 1 root root 43 Jan 25 19:15 PLuSS -> msdfs://192.168.1.6/Images/clean/Lung/PLuSS
lrwxrwxrwx 1 root root 27 Jan 12 18:04 PneumRx -> msdfs://192.168.1.6/PneumRx
lrwxrwxrwx 1 root root 24 Jan 27 07:56 SARP -> msdfs://192.168.1.6/SARP
lrwxrwxrwx 1 root root 25 Jan 25 19:21 SCCOR -> msdfs://192.168.1.6/SCCOR
lrwxrwxrwx 1 root root 24 Jan 25 19:02 VCT -> msdfs://192.168.1.32/VCT
|
BTW, in this scheme links with more than one folder fail. I mean VCT, SCCOR, SARP .. work while PLuSS is inaccessible on linux. I am in the process of fixing that..
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
| Posted: Wed Jan 27, 2010 2:10 pm Post subject: |
|
|
My server runs Windows Server 2003 R2 3790 Service Pack 2 without any special settings (as far as my local sysop knows).
Curious: how do you make symlinks to msdfs:// ?
_________________
The box said "Requires Windows 95 or better", so I installed Linux. |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Wed Jan 27, 2010 2:19 pm Post subject: |
|
|
My dfs root is on a gentoo samba server. That last output with the msdfs:// links were from the dfs root. You may be able to create a second root on a linux machine to mirror the root on your windows server.
Here is the samba definition for the samba dfs root.
| Code: | [net-dfs-root]
comment = Network DFS Root
msdfs root = yes
path = /exports/network_dfs_root
read only = no
writable = yes
public = yes
force directory mode = 2775
inherit permissions = yes
inherit acls = yes |
| Quote: | | Curious: how do you make symlinks to msdfs:// ? |
| Code: |
ln -s msdfs://192.168.1.6/SARP SARP |
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
| Posted: Wed Jan 27, 2010 2:24 pm Post subject: |
|
|
Ok, I may be missing something trivial here. How are the msdfs links followed? E.g. my shell does not recognize the msdfs protocol. Or are those links only valid on servers and interpreted by samba-server?
_________________
The box said "Requires Windows 95 or better", so I installed Linux. |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Wed Jan 27, 2010 2:43 pm Post subject: |
|
|
In the linux client that has the samba dfs root cifs mounted (and also has the proper kernel) the msdfs:// links automatically get translated. Without the proper client kernel I used to see msdfs:// and not be able to traverse the paths in the shell.
_________________
John
My gentoo overlay
Instructons for overlay
Last edited by drescherjm on Wed Jan 27, 2010 2:46 pm; edited 1 time in total |
|
| Back to top |
|
|
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
| Posted: Wed Jan 27, 2010 2:46 pm Post subject: |
|
|
Which kernel options did you set? I thought:
| Code: | CONFIG_CIFS=m
CONFIG_CIFS_STATS=y
CONFIG_CIFS_STATS2=y
CONFIG_CIFS_WEAK_PW_HASH=y
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
CONFIG_CIFS_DEBUG2=y
CONFIG_CIFS_EXPERIMENTAL=y
|
was all that is required. Am I missing something?
_________________
The box said "Requires Windows 95 or better", so I installed Linux. |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Wed Jan 27, 2010 2:47 pm Post subject: |
|
|
| Code: | datastore3 ~ # zgrep CIFS /proc/config.gz
CONFIG_CIFS=y
# CONFIG_CIFS_STATS is not set
CONFIG_CIFS_WEAK_PW_HASH=y
CONFIG_CIFS_UPCALL=y
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
# CONFIG_CIFS_DEBUG2 is not set
CONFIG_CIFS_DFS_UPCALL=y
CONFIG_CIFS_EXPERIMENTAL=y
|
CONFIG_CIFS_DFS_UPCALL=y is the key
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
| Posted: Wed Jan 27, 2010 2:57 pm Post subject: |
|
|
Got it, but now I am puzzled again 
On amd64, there is no such configuration option. DFS is supposed to be in the EXPERIMENTAL part. However, x86 seems to have this DFS option explicit.
I will try to get it to work on the x86 box again (although it is in production, so my options are limited). For now, let's see what happens if I manually add the kernel option to the config on the amd64 box.
Btw, you ARE running x86, right? Otherwise I do not know why this option only appears on the x86 box.
_________________
The box said "Requires Windows 95 or better", so I installed Linux. |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Wed Jan 27, 2010 2:59 pm Post subject: |
|
|
amd64 on all linux machines
Here is the client:
| Code: | datastore3 ~ # uname -a
Linux datastore3 2.6.32-gentoo-r2 #4 SMP Tue Jan 26 02:22:01 EST 2010 x86_64 Intel(R) Core(TM)2 Quad CPU Q9550 @ 2.83GHz GenuineIntel GNU/Linux
|
And the server (dfs root):
| Code: |
fileserv Lung # uname -a
Linux fileserv 2.6.32-vs2.3.0.36.28-gentoo-ext4 #1 SMP Fri Jan 15 18:43:03 EST 2010 x86_64 AMD Opteron(tm) Processor 246 AuthenticAMD GNU/Linux
|
Note I did not set up cifs on the server so I am sure it does not have that option enabled.
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
| Posted: Wed Jan 27, 2010 3:25 pm Post subject: |
|
|
Got it! It needs CONFIG_KEYS=y in the security section to be set as well.
And guess what: it works! 
Well, almost: I seem to have some troubles with resolving hostnames:
ls: cannot access /mnt/dfs/dfsmount: Resource temporarily unavailable
And from /var/log/messages:
CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: dfshost2
CIFS VFS: cifs_compose_mount_options: Failed to resolve server part of \\dfshost2\users$ to IP: -11
but I think I know where that problem originates (we have different domain settings in the network due to migrations). Seems the original problem is fixed, I will make a final post later to summarize everything.
Thans a lot drescherjm!
_________________
The box said "Requires Windows 95 or better", so I installed Linux. |
|
| Back to top |
|
|
drescherjm
Advocate
Joined: 05 Jun 2004
Posts: 2790
Location: Pittsburgh, PA, USA
|
| Posted: Wed Jan 27, 2010 3:35 pm Post subject: |
|
|
| Quote: | CIFS VFS: dns_resolve_server_name_to_ip: unable to resolve: dfshost2
CIFS VFS: cifs_compose_mount_options: Failed to resolve server part of \\dfshost2\users$ to IP: -11 |
I get these as well if I use hostnames because I of not having these machines in the dns servers (I mentioned that above look for the symbol)
Anyways my workaround was to replace all UNC dns links with ipaddresses. This may not work well for you. I know..
| Quote: | | Thans a lot drescherjm! |
Your welcome. Your post and a few google searches pushed me to try a new kernel and that lead to it working..
_________________
John
My gentoo overlay
Instructons for overlay |
|
| Back to top |
|
|
Zwartoog
Tux's lil' helper
Joined: 13 Mar 2006
Posts: 87
Location: Netherlands
|
| Posted: Thu Jan 28, 2010 9:18 am Post subject: |
|
|
Ok, so how to get DFS working these days?
First, you need a fairly recent kernel. 2.6.32-r2 seems to work. Configure it with:
| Code: |
#
# Security options
#
CONFIG_KEYS=y
# File Systems->Network File Systems
CONFIG_CIFS=m
# CONFIG_CIFS_STATS is not set
# CONFIG_CIFS_WEAK_PW_HASH is not set
# CONFIG_CIFS_UPCALL is not set
CONFIG_CIFS_XATTR=y
CONFIG_CIFS_POSIX=y
# CONFIG_CIFS_DEBUG2 is not set
CONFIG_CIFS_DFS_UPCALL=y
CONFIG_CIFS_EXPERIMENTAL=y
|
(of course you can enable more)
The CONFIG_KEYS is required for the CONFIG_CIFS_DFS_UPCALL to show up, which is the essential part.
Next, you have to compile samba-client and samba-libs. mount-cifs will not do the job as you need cifs.upcall, which is only provided by samba. On top of that, you need the keyutils package.
For samba, you need the 'ads' useflag. By default, this pulls in mit-krb5, but samba needs heimdal. So:
| Code: |
USE=ads emerge -av samba-client samba-libs heimdal keyutils
|
Note that you have to unmask some packages. I used version 3.5.0-rc2 for samba.
After everything is emerged, add:
| Code: |
create dns_resolver * * /usr/sbin/cifs.upcall %k
|
to /etc/request-key.conf
After that, mounting a DFS share should work like a charm
_________________
The box said "Requires Windows 95 or better", so I installed Linux. |
|
| Back to top |
|
|
|
Networking & Security
