cifs mount options: was [Re: Proposal/Idea: Remove support for using rfc2307 attributes for s4 id-mapping?]

steve steve at
Tue Oct 16 11:17:50 MDT 2012

On 16/10/12 15:23, simo wrote:
> On Tue, 2012-10-16 at 09:16 -0400, simo wrote:
>> On Tue, 2012-10-16 at 13:43 +0200, steve wrote:
>>> On 16/10/12 12:30, Jeremy Allison wrote:
>>>> On Tue, Oct 16, 2012 at 11:28:26AM +0200, steve wrote:
>>> Are you saying that I can use cifs in place of nfs for Linux clients?
>>> E.g. their home directories? I want files there to be user:group
>>> -rw-r--r-- cifs lets me do it for one user only. THat's no god in a
>>> mutiuser domain.
>> you just need top enable multiuser mounts.
>> See the cifs docs.
>>> If I have a share mounted using cifs, I can specify a uid and a gid of a
>>> user. If another user logs in, how do I then tell cifs that the uid:gid
>>> has changed without getting root to remount the share for me?
>> See above.
>>> I've tried with autofs. Is there a way to pass the uid:gid to the
>>> automounter so that it is mounted correctly?

Hi Simo

Firstly plase accept my apologies for hijacking the thread. I just lost 
it a little when I thought about the consequences of the proposal.

Thanks. I had no idea about the multiuser mount option. It must be a 
recent addition within the last year perhaps?

>> No, autofs is not the best option in this case, although certainly an
>> option.

Actually it works OK with the automounter. With the multiuser option, 
cifs works as a drop in replacement for nfs, and the acls are preserevd too.

All I did was change the automount map from this:
* -rw,sec=krb5 hh1:/home2/&
to this:
* -fstype=cifs,rw,sec=krb5,multiuser ://hh1/home2/&

My only problem was realising that root had to have tickets to be able 
to mount the share. I added a user called root to AD and gave him a 
uidNumber of 0. I then extracted his keytab so he could authenticate 
without a password on boot.

Question: The 'keytab for root' method works, but I'm sure that this is 
not the correct way to go about it. Is there an official way to do this?


More information about the samba-technical mailing list