Thursday, March 20, 2014

CentOS/RHEL 6.5 and CIFS mounts


It has been a long time since I wrote in here...

... but today, I just spent a good 4 hours trying to figure out why a cifs mount command that would succeed in Scientific Linux 5.4, failed in Centos 6.5 with the cryptic:
mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Which basically means, "I failed, go figure why..."
Don't you love it when Unix tools for MS interoperability inherit the MS behaviour so closely? :D

Googling for recent reports of the same problem I mostly came up with references of security negotiation mode not setup correcly and how older kernels had ntlm as default while newer the ntmlssp mode. Nada, this wasn't the case. If I entered the wrong password or username I got a different error.

People also suggested installing cifs-utils (cifs.idmap, cifs.upcall, etc) would get rid of the error. But I already had these installed.

Enter the Linux

One reference had information on how to make the kernel CIFS filesystem driver feel more chatty:
echo "0" > /proc/fs/cifs/cifsFYI
Hurray, a boatload of log messages arrived in dmesg at the next mount attempt. Watching closely now, one could easily nail the failure:
fs/cifs/cifssmb.c: Decoding GetDFSRefer response BCC: 215 Offset 56
fs/cifs/cifssmb.c: num_referrals: 1 dfs flags: 0x3 ...

fs/cifs/dns_resolve.c: dns_resolve_server_name_to_ip: unable to resolve: PUNENTES
fs/cifs/cifs_dfs_ref.c: cifs_compose_mount_options: Failed to resolve server part of \\PUNENTES\Backup$ to IP: -11

Problem solved!

Now that was a better candidate for Google. A bug report for Fedora came up in the results, suggesting that /etc/request-key.d be populated with two entries. One was already present in my system (as part of cifs-utils rpm) the other was not:
cat > /etc/request-key.d/dns_resolver.conf
create dns_resolver * * /usr/sbin/cifs.upcall %k
And yes,  that did it.

Inspecting the Scientific Linux system further, the dns_resolver line above was present in /etc/request-key.conf (provided by keyutils rpm) but was missing in the CentOS version. Manpage for cifs.upcall also mentions that dns_resolver should be present.

Packaging oversight? Who knows...

Laters!!


Posted by at No comments:
Subscribe to: Posts (Atom)