Using cifs to mount home directories instead of nfs (was : Re: Proposal/Idea: Remove support for using rfc2307 attributes for s4 id-mapping?)
denis.cardon at tranquil-it-systems.fr
Tue Oct 16 07:09:29 MDT 2012
>>> We can't use cifs to serve the Linux clients as the file ownership
>>> is always that of the user who mounted the file system, not the
>>> authenticated user.
>> That should only happen if you don't have UNIX extensions
>> turned on at the Samba fileserver (they should be on by
>> default). With UNIX extensions the cifsfs client will
>> query the UNIX uid/gids directly from Samba in a similar
>> way to NFS.
> I'd like to be able to take nfs out of the equation but the limitation
> which cifs imposes on file ownership is too bad.
> Are you saying that I can use cifs in place of nfs for Linux clients?
> E.g. their home directories? I want files there to be user:group
> -rw-r--r-- cifs lets me do it for one user only. THat's no god in a
> mutiuser domain.
> If I have a share mounted using cifs, I can specify a uid and a gid of a
> user. If another user logs in, how do I then tell cifs that the uid:gid
> has changed without getting root to remount the share for me?
> I've tried with autofs. Is there a way to pass the uid:gid to the
> automounter so that it is mounted correctly?
You can use pam_mount or pam_script to mount the shares. Indeed while in
the pam stack, you can use the user credentials of the user logging in
(that is just after the login screen).
Using those credentials you can mount the share with mount.cifs and the
right user id and getting the correct rights. Note: pam_script is much
more easier to work with than pam_mount.
It is even better to use pam_winbind to get a kerberos ticket and use it
for authentication to mount shares if the DC is samba4/ADS.
I've been going away from nfs because of user acl nighmare on the shares
and I don't look behind.
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 184.108.40.206.55
More information about the samba-technical