[Samba] permission denied with windows acls

[Peter Carlson]

On 1/28/24 09:27, Rowland Penny via samba wrote:
> On Sun, 28 Jan 2024 08:47:28 -0800
> Peter Carlson via samba<samba at lists.samba.org>  wrote:
>
>> On 1/27/24 03:19, Rowland Penny via samba wrote:
>>> You are close, but are missing a parameter, try opening a terminal
>>> on u2gui (which I take it is the hostname for the domain joined
>>> client you are trying to mount the share to). Then type this:
>>>
>>> sudo mount -t cifs //fs.carlson.lab/test /mnt/test -o
>>> sec=krb5,username=U2GUI$,multiuser
>>>
>>> Now go and look at /mnt/test
>>>
>>> Rowland
>>>
>> I am still getting permission denied.  Does the machine need a user
>> account? I thought that with multiuser it just needed a computer
>> account
> It does just need a computer account and a computer account is just a
> user account with an extra objectclass.
except that the computer isn't normally a member of Domain Users, but 
Domain Computers...so...that got me thinking and I added the computer to 
Domain Users and now it can mount.  But is that the right thing to do?
>>      root at u2gui:~# mount -t cifs //fs1.carlson.lab/test /mnt/test -o
>>      sec=krb5,username=U2GUI$,multiuser
>>      mount error(13): Permission denied
>>      Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and
>>      kernel log messages (dmesg)
>>
> Hmm, it works for myself:
>
> rowland at testdm12:~$ ls /mnt/test
> rowland at testdm12:~$
> rowland at testdm12:~$ sudo mount -t cifs //devstation.samdom.example.com/data /mnt/test -o sec=krb5,username=TESTDM12$,multiuser
> rowland at testdm12:~$ ls /mnt/test
> guest.txt  smbtest  test.txt
> rowland at testdm12:~$
>
> testdm12 is the client and is joined to the domain, devstation is the
> server.
> The client is also an Oracle virtualbox VM running Debian bookworm and
> I had to restart it to retest and it just worked.
>
Also I had to reboot too, I wonder if it's caching something.  Once I 
think this works, I will destroy the vm and try again from the beginning