Issue: SMB Network share #1303

@jp10jp

Description

Is there an existing issue for this?

  • I have searched the existing issues and found none that matched mine

Describe the issue

I am trying to execute an SMB mount with the Network share GPO, but have been unsuccessful. The error I see is "cifs.upcall: check_service_ticket_exists: unable to get client principal from cache: no credentials cache found (filename: /tmp/krb5cc_0)".
It runs cifs.upcall as root, but the ticket is owned by the user that initially logged in, not root. How can I get cifs.upcall to run as the logged-in user and not as root?

Also, I see the Kerberos ticket when I run a klist and also in the /tmp directory. The environment variable also calls out the correct ticket. But cifs.upcall is looking for exactly /tmp/krb5cc_0.

I have tried adding the following:

In the sssd.conf file:

```
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U
```

In the krb.conf file:

```
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
```

In the adsys.yaml file:

```
detect_cached_ticket = true
```

I restarted the sssd and adsys services and rebooted the system, but still have not been able to get cifs.upcall to point to the correct ticket name and pick up the client principal from cache. I wanted to know if anyone knows the fix.

Steps to reproduce it

I went to the "System mounts" policy within "System Drive Mapping". I enabled and applied the policy and entered the following:
`[krb5]smb:///smb_share`.

After I completed applying the policy, I ran a policy refresh on my Linux machine.

Ubuntu users: System information

No response


Additional information

No response

Double check your logs

  • I have redacted any sensitive information from the logs

Labels: bug (Something isn't working)
