Hi Ed and Dan,
Normally I follow these steps for setting up
Kerberos and Mount for first time. I have just drafted the steps in a very simple way to follow, please try these (if you have not already). If after trying these steps does not resolved your problem then we may need to collect syslog and traces to see why mount is not happening. Please update. Thanks!
Steps:
On SMB server:
Step1) ktpass.exe -princ host/<Client LPAR hostname>@AZURE -mapuser <user name> -pass <password> -ptype KRB5_NT_PRINCIPAL -out <hostname short>.keytab
copy <hostname short>.keytab to client LPAR: /home/SMB3.0.2/Kerberos
For Example:
ktpass.exe -princ host/clientLPAR.in.ibm.com@AZURE -mapuser clientUser -pass clientPassword -ptype KRB5_NT_PRINCIPAL -out clientLPAR.keytab
copy clientLPAR.keytab to clientLPAR.in.ibm.com: /home/SMB3.0.2/Kerberos
On client LPAR:
Step 1) chdev -l sys0 -a max_logname='64'
Step 2) mkuser -R KRB5files SYSTEM=KRB5files registry=KRB5files clientUser
Step 3) Inside dir /home/SMB3.0.2/Kerberos
(0) root @ clientUser: /home/SMB3.0.2/Kerberos
# ls
clientLPAR.keytab
Step 4)
(0) root @ clientUser: /home/SMB3.0.2/Kerberos
# ktutil
ktutil: rkt clientLPAR.keytab
ktutil: wkt /etc/krb5/krb5.keytab
ktutil: q
Step 5)
(0) root @ clientUser: /home/SMB3.0.2/Kerberos
# klist -k
Key table: /etc/krb5/krb5.keytab
Number of entries: 1
[1] principal: host/clientLPAR.in.ibm.com@AZURE
KVNO: 3
Step 6)
# installp -agXYd . smbc.rte
Step 7)
# mount -v smbc -n djvmimport.file.core.windows.net/djvmimport/<password> -o wrkgrp=AZURE,pver=3.0.2 /filesharetest /mnt/azureSMB3
Thanks,
Dimpu Kumar Nath
Email: dimpnath@in.ibm.com
------------------------------
DIMPU NATH
------------------------------
Original Message:
Sent: Mon June 14, 2021 04:50 PM
From: Dan Jones
Subject: SMB 3.0.2 Connection Error
Hey Ed,
I haven't been able to resolve it. I got stuck in Kerberos h*ll and had to put it aside to let my blood pressure lower. ;-)
Dan
------------------------------
Dan Jones
Original Message:
Sent: Fri June 11, 2021 02:56 PM
From: Ed Stuart
Subject: SMB 3.0.2 Connection Error
Hi Dan;
Were you able to resolve this? We are experiencing the same symptoms.
------------------------------
Ed Stuart
Original Message:
Sent: Mon January 25, 2021 11:33 AM
From: Dan Jones
Subject: SMB 3.0.2 Connection Error
Yes, I'm using that documentation. I think I've narrowed it down to a Kerberos issue. I'm exploring that and will report back once I'm able to short that to ground.
------------------------------
Dan Jones
Original Message:
Sent: Mon January 25, 2021 02:53 AM
From: DIMPU NATH
Subject: SMB 3.0.2 Connection Error
Hi Dan,
Did you follow the SMB 3.0.2 configuration document "SMBC_Configuration_1.3.4.pdf" available along with the web download of SMB 3.0.2 fileset ?
Here is the link -> https://www-01.ibm.com/marketing/iwm/iwm/web/pickUrxNew.do?source=aixbp
If not please follow the steps as mentioned, i hope it will be helpful.
Thanks!
------------------------------
DIMPU NATH
Original Message:
Sent: Sun January 24, 2021 02:40 PM
From: Dan Jones
Subject: SMB 3.0.2 Connection Error
I'm running into an error trying to establish an SMB connection to an Azure fileshare.
bash-5.0# mount -v smbc -n djvmimport.file.core.windows.net/djvmimport -o wrkgrp=AZURE,pver=3.0.2 /filesharetest /mnt/azureSMB3
There was an error connecting the share or the server. Make sure the lsdev command shows that device nsmbc0 is in the Available state. Also make sure that the share name, user name and password are accurate
The credential is stored using mksmbcred:
bash-5.0# lssmbcred -s djvmimport.file.core.windows.net
server: djvmimport.file.core.windows.net user: djvmimport
I've installed Kerberos and SMB 3.0.2 on AIX 7200-03-02-1846
bash-5.0# lslpp -l | grep krb5
krb5.client.rte 1.16.1.4 COMMITTED Network Authentication Service
krb5.client.samples 1.16.1.4 COMMITTED Network Authentication Service
krb5.doc.en_US.html 1.16.1.4 COMMITTED Network Auth Service HTML
krb5.doc.en_US.pdf 1.16.1.4 COMMITTED Network Auth Service PDF
krb5.lic 1.16.1.4 COMMITTED Network Authentication Service
krb5.server.rte 1.16.1.4 COMMITTED Network Authentication Service
krb5.toolkit.adt 1.16.1.4 COMMITTED Network Authentication Service
krb5.client.rte 1.16.1.4 COMMITTED Network Authentication Service
krb5.server.rte 1.16.1.4 COMMITTED Network Authentication Service
bash-5.0# lslpp -l smbc.rte
Fileset Level State Description
----------------------------------------------------------------------------
Path: /usr/lib/objrepos
smbc.rte 7.1.302.3 COMMITTED AIX Runtime for SMB Client
Path: /etc/objrepos
smbc.rte 7.1.302.3 COMMITTED AIX Runtime for SMB Client
I've confirmed nsmbc0 is available
bash-5.0# lsdev | grep nsmbc0
nsmbc0 Available N/A
I've confirmed the parameters are valid, they work on a Linux VM. I've also confirmed the LPAR can reach the fileshare.
I'm looking for any clues on how to debug this to determine specifically what's failing during the connection attempt.
Thanks!
------------------------------
Dan Jones
------------------------------