Mounting cifs-share with kerberos fails: mount error(126): Required key not available

Andre · Feb 21, 2017 · Viewed 7k times

Recently, mounting a Samba share using Kerberos stopped working. The same share with the same mount options works on another server, so I assume there is nothing wrong with our DNS setup and/or Active Directory setup. It seems to be a client problem.

Output of

mount share

mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The fstab-entry looks like this:

//servername/share /home/username/share cifs _netdev,users,sec=krb5,noperm,noauto 0 0

Log shows this:

Feb 21 10:01:11 clientserver cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=192.168.0.7;ip4=192.168.0.7;sec=krb5;uid=0x2b9d;creduid=0x2b9d;user=username;pid=0x68c6

Feb 21 10:01:11 clientserver cifs.upcall: ver=2
Feb 21 10:01:11 clientserver cifs.upcall: host=192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: ip=192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: sec=1
Feb 21 10:01:11 clientserver cifs.upcall: uid=11165
Feb 21 10:01:11 clientserver cifs.upcall: creduid=11165
Feb 21 10:01:11 clientserver cifs.upcall: user=username
Feb 21 10:01:11 clientserver cifs.upcall: pid=26822
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: scandir error on directory '/run/user/11165': No such file or directory
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_11165 is valid ccache
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11167
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11167 is owned by 11167, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_0
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_0 is owned by 0, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11176
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11176 is owned by 11176, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11174
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11174 is owned by 11174, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: considering /tmp/krb5cc_11308
Feb 21 10:01:11 clientserver cifs.upcall: find_krb5_cc: /tmp/krb5cc_11308 is owned by 11308, not 11165
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: getting service ticket for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: cifs_krb5_get_req: unable to get credentials for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: failed to obtain service ticket (-1765328377)
Feb 21 10:01:11 clientserver cifs.upcall: Unable to obtain service ticket
Feb 21 10:01:11 clientserver cifs.upcall: Exit status -1765328377

Seems like the hostname resolution does not work correctly. I don't know how cifs.upcall gets the hostname, but if I check the DNS records, A and PTR seem to be OK. NetBIOS resolution also works.

So how does Kerberos look up the hostname? Does it extract the hostname out of the UNC path?

Writing the hostname into /etc/hosts does not work either. Nevertheless, another server with the same winbind, Samba, cifs.upcall and Kerberos versions does work. The resolv.conf also has the same entries. There are some other Samba shares that work perfectly with Kerberos. So I am a little bit stuck now. Any help would be appreciated.

Answer

Alexander Lelyakin · Mar 13, 2017

Try adding the '-t' option to the invocation of cifs.upcall in /etc/request-key.d/

In my case (Ubuntu) it was the file /etc/request-key.d/cifs.spnego.conf

Was: create cifs.spnego * * /usr/sbin/cifs.upcall %k

Changed: create cifs.spnego * * /usr/sbin/cifs.upcall -t %k
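
An added example (not part of the question or the answer): a small Python triage script that reads cifs.upcall syslog lines like those above, decodes the krb5 exit status, and checks whether the request-key line passes -t (--trust-dns, which lets cifs.upcall reverse-resolve the server address to build the service principal name). The function names are this example's own, and the sample log is a shortened copy of the lines in the question.

```python
import ipaddress
import re

KRB5_BASE = -1765328384  # base of the MIT krb5 error table
KRB5_ERRORS = {  # offset from the base -> meaning (subset)
    7: "KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN: server not found in Kerberos database",
    32: "KRB5KRB_AP_ERR_TKT_EXPIRED: ticket expired",
    37: "KRB5KRB_AP_ERR_SKEW: clock skew too great",
}
# Shortened copy of the log in the question.
SAMPLE_LOG = """\
Feb 21 10:01:11 clientserver cifs.upcall: key description: cifs.spnego;0;0;39010000;ver=0x2;host=192.168.0.7;ip4=192.168.0.7;sec=krb5;uid=0x2b9d;creduid=0x2b9d;user=username;pid=0x68c6
Feb 21 10:01:11 clientserver cifs.upcall: handle_krb5_mech: getting service ticket for 192.168.0.7
Feb 21 10:01:11 clientserver cifs.upcall: Exit status -1765328377
"""
CONF_BEFORE = "create cifs.spnego * * /usr/sbin/cifs.upcall %k\n"
CONF_AFTER = "create cifs.spnego * * /usr/sbin/cifs.upcall -t %k\n"

def parse_key_description(log_text):
    """Return the key=value fields of the first cifs.spnego key description."""
    m = re.search(r"key description: (cifs\.spnego;\S+)", log_text)
    fields = m.group(1).split(";") if m else []
    return dict(f.split("=", 1) for f in fields if "=" in f)

def exit_status(log_text):
    m = re.search(r"Exit status (-?\d+)", log_text)
    return int(m.group(1)) if m else None

def upcall_trusts_dns(conf_text):
    """True if the cifs.spnego request-key line passes -t / --trust-dns."""
    for line in conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["create", "cifs.spnego"]:
            return "-t" in parts[5:] or "--trust-dns" in parts[5:]
    return False

def diagnose(log_text, conf_text):
    findings, code = [], exit_status(log_text)
    if code:  # non-zero exit status: map it to a krb5 error name if known
        findings.append(KRB5_ERRORS.get(code - KRB5_BASE, f"krb5 error {code}"))
    host = parse_key_description(log_text).get("host", "")
    try:
        ipaddress.ip_address(host)  # raises ValueError for a hostname
    except ValueError:
        return findings
    if not upcall_trusts_dns(conf_text):
        findings.append(f"ticket requested for address {host}; upcall line has no -t")
    return findings
```

cifs.upcall(8) notes that -t is less secure than not trusting DNS and that adding server principals to the KDC for every hostname in use is preferable where that is possible.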