[Samba] how to automount a kerberos cifs share

steve steve at steve-ss.com
Thu Jun 14 02:35:15 MDT 2012


On 06/13/2012 11:30 PM, Gaiseric Vandal wrote:
> On 06/13/12 17:08, steve wrote:
>> On 13/06/12 21:10, Gaiseric Vandal wrote:
>>> How about if you use NFS v4 with kerberos instead of CIFS?
>>>
>>>
>>>
>>> On 06/13/12 14:58, steve wrote:
>>>> Hi
>>>>
>>>> I have an automount map:
>>>> * -fstype=cifs,sec=krb5 ://server/share/&
>>>>
>>>> It works fine, but only if Administrator has tickets. I can't do that
>>>> on every client!
>>>>
>>>> Is there any way I can store the Administrator key in a keytab and use
>>>> that? Or any other solution?
>>>>
>>>> Cheers,
>>>> Steve
>>>>
>> Hi Gaiseric
>> Yes, that would be perfect as we are using kerberized nfs3 for
>> everything else.
>>
>> The problem with nfs4 is that you can't have group rw shares and also
>> there is no document locking between libreoffice and m$office:-(
>>
>> This particular share _has_ to be cifs.
>> Thanks,
>> Steve
>>
> What OS are you running?
openSUSE 12.1, also tested with the same behavior on Ubuntu LTS
>   My experience is that Solaris backported
> kerberos to nfs v3 but that linux requires nfs v4 for kerberos.    NFS
> talks to GSS  which in turn talks to Kerberos.
No. Kerberos works fine with nfs3 on Linux. We have to use v3 due to the
(poorly designed) nfs4 ACLs.
>     autofs runs as root so
> with nfs  you would add creds to the local keytab for root  to make that
> work.
Tracing with gssd -fvvv, it seems that it looks in the keytab (ours is at
/etc/krb5.keytab), finds the machine key and mounts the share.
>    No   I take it autofs on linux works with more than just NFS.
>
Yep. It works fine with cifs too. We just need a way of getting it to 
automount without having to give the Administrator password.

IOW, the equivalent of nfs but for cifs. How to get cifs to look at a
keytab...
Cheers and thanks for your time,
Steve


