gio mount asks for password despite valid kerberos ticket
Hi,
I'd like to use nautilus to mount a SMB share with kerberos without password prompt, but gvfs / nautilus asks for password even if a valid kerberos ticket exists.
$ kinit username
$ smbclient //server/share -k # works
$ gio mount smb://DOMAIN;
Authentification Required
Enter password for share "share" on "server":
Password:^C # here I press CTRL+C but `gio mount` proceeds with the mount using kerberos cached ticket
$ gio mount smb://DOMAIN;
gio: smb://DOMAIN;
Using nautilus, the password is asked but clicking "Unlock" without entering a password mounts the share using the Kerberos ticket.
I had a look to https:/
Is there any way to disable the password prompt ? Do I have a misconfiguration somewhere (server side maybe ?) ? I tried adding `client use kerberos = required` to smb.conf without results. Should I file a bug ?
Best regards,
Maxime
System informations :
Ubuntu 22.04 - gvfs 1.48.2 - nautilus 42.2
I noted the same issue on Ubuntu 20.04
CIFS server is NetApp configured with Active Directory authentification.
[1] : https:/
--
Below the log from gvfsd when `gio mount smb://DOMAIN;
$ pkill gvfs; pkill nautilus; LANG=C GVFS_DEBUG=1 GVFS_SMB_DEBUG=10 $(find /usr/lib* -name gvfsd 2>/dev/null) --replace 2>&1 | tee gvfsd.log
smb: g_vfs_backend_
smb: Added new job source 0x5639ebefc080 (GVfsBackendSmb)
smb: Queued new job 0x5639ebefd960 (GVfsJobMount)
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
auth_audit: 10
auth_json_audit: 10
kerberos: 10
drs_repl: 10
smb2: 10
smb2_credits: 10
dsdb_audit: 10
dsdb_json_audit: 10
dsdb_
dsdb_
dsdb_
dsdb_
dsdb_group_audit: 10
dsdb_
Using netbios name UBUNTU-JAMMY.
Using workgroup DOMAIN.
smb: do_mount - URI = smb://server.
smb: do_mount - try #0
smbc_stat(
smb: auth_callback - normal pass
smb: auth_callback - asking for password...
smb: auth_callback - out: last_user = 'username', last_domain = 'DOMAIN'
SMBC_server: server_
-> server_
Opening cache file at /run/samba/
tdb(/run/
gencache_init: Opening user cache file /home/vagrant/
sitename_fetch: No stored sitename for realm ''
internal_
namecache_fetch: name server.tld#20 found.
remove_
Connecting to 152.77.141.18 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gensec_update_send: gse_krb5[
gensec_update_send: spnego[
gensec_update_done: gse_krb5[
gensec_update_done: spnego[
gensec_update_send: gse_krb5[
gensec_update_send: spnego[
gensec_update_done: gse_krb5[
gensec_update_done: spnego[
session setup ok
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
tconx ok
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
Case sensitive: True
Server connect ok: //server.
SMBC_getatr: sending qpathinfo
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
signed SMB2 message (sign_algo_id=1)
smb: do_mount - [smb://
smb: do_mount - login successful
smb: send_reply(
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Ubuntu gvfs Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- Maxime Accadia
- Solved:
- Last query:
- Last reply: