[Samba] how to automount a kerberos cifs share
steve at steve-ss.com
Thu Jun 14 02:35:15 MDT 2012
On 06/13/2012 11:30 PM, Gaiseric Vandal wrote:
> On 06/13/12 17:08, steve wrote:
>> On 13/06/12 21:10, Gaiseric Vandal wrote:
>>> How about if you use NFS v4 with kerberos instead of CIFS?
>>> On 06/13/12 14:58, steve wrote:
>>>> I have an automount map:
>>>> * -fstype=cifs,sec=krb5 ://server/share/&
>>>> It works fine, but only if Administrator has tickets. I can't do that
>>>> on every client!
>>>> Is there any way I can store the Administrator key in a keytab and use
>>>> that? Or any other solution?
>> Hi Gaiseric
>> Yes, that would be perfect as we are using kerberized nfs3 for
>> everything else.
>> The problem with nfs4 is that you can't have group rw shares and also
>> there is no document locking between libreoffice and m$office:-(
>> This particular share _has_ to be cifs.
> What OS are you running?
openSUSE 12.1, also tested with the same behavior on Ubuntu LTS
> My experience is that Solaris backported
> kerberos to nfs v3 but that linux requires nfs v4 for kerberos. NFS
> talks to GSS which in turn talks to Kerberos.
No. Kerberos works fine with nfs3 on Linux. We have to use v3 due to the
(poorly designed) nfs4 acl's.
> autofs runs as root so
> with nfs you would add creds to the local keytab for root to make that
tracing with gssd -fvvv it seems that it looks in the keytab (ours is at
/etc/krb5.keytab), finds the machine key and mounts the share.
> No I take it autofs on linux works with more than just NFS.
Yep. It works fine with cifs too. We just need a way of getting it to
automount without having to give the Administrator password.
IOW, the equivalent of nfs but for cifs. How to get cifs to look at a
keytab. . .
Cheers and thanks for your tine,
More information about the samba