[Samba] how to automount a kerberos cifs share

steve steve at steve-ss.com
Thu Jun 14 02:35:15 MDT 2012

On 06/13/2012 11:30 PM, Gaiseric Vandal wrote:
> On 06/13/12 17:08, steve wrote:
>> On 13/06/12 21:10, Gaiseric Vandal wrote:
>>> How about if you use NFS v4 with kerberos instead of CIFS?
>>> On 06/13/12 14:58, steve wrote:
>>>> Hi
>>>> I have an automount map:
>>>> * -fstype=cifs,sec=krb5 ://server/share/&
>>>> It works fine, but only if Administrator has tickets. I can't do that
>>>> on every client!
>>>> Is there any way I can store the Administrator key in a keytab and use
>>>> that? Or any other solution?
>>>> Cheers,
>>>> Steve
>> Hi Gaiseric
>> Yes, that would be perfect as we are using kerberized nfs3 for
>> everything else.
>> The problem with nfs4 is that you can't have group rw shares and also
>> there is no document locking between libreoffice and m$office:-(
>> This particular share _has_ to be cifs.
>> Thanks,
>> Steve
> What OS are you running?
openSUSE 12.1, also tested with the same behavior on Ubuntu LTS
> My experience is that Solaris backported
> kerberos to nfs v3 but that linux requires nfs v4 for kerberos. NFS
> talks to GSS which in turn talks to Kerberos.
No. Kerberos works fine with nfs3 on Linux. We have to use v3 due to the
(poorly designed) nfs4 ACLs.
> autofs runs as root so
> with nfs you would add creds to the local keytab for root to make that
> work.
Tracing with gssd -fvvv, it seems that it looks in the keytab (ours is at
/etc/krb5.keytab), finds the machine key and mounts the share.
> No I take it autofs on linux works with more than just NFS.
Yep. It works fine with cifs too. We just need a way of getting it to
automount without having to give the Administrator password.

IOW, the equivalent of nfs but for cifs. How to get cifs to look at a
keytab...
Cheers and thanks for your time,

