[Samba] Samba4 Does cifs need a keytab for the multiuser option?
steve
steve at steve-ss.com
Thu Apr 11 10:27:47 MDT 2013
Hi
samba --version
Version 4.0.6-GIT-4bebda4
smb.conf:
[users]
path = /home/users
read only = No
Working on the DC which is also the fileserver
user steve2 can write to his folder at /home/users/steve2
But if we now mount the share:
sudo mount -t cifs //doloresdc/users /mnt -osec=krb5,multiuser
he can't write to the mounted share at /mnt/users/steve2 He gets
'Permission denied'. His id is the same, all that's changed is that now
it's mounted via cifs.
The mount:
Apr 11 18:18:16 doloresdc cifs.upcall: key description:
cifs.spnego;0;0;3f000000;ver=0x2;host=doloresdc;ip4=192.168.1.100;sec=krb5;uid=0x0;creduid=0x0;user=root;pid=0x116b
Apr 11 18:18:16 doloresdc cifs.upcall: ver=2
Apr 11 18:18:16 doloresdc cifs.upcall: host=doloresdc
Apr 11 18:18:16 doloresdc cifs.upcall: ip=192.168.1.100
Apr 11 18:18:16 doloresdc cifs.upcall: sec=1
Apr 11 18:18:16 doloresdc cifs.upcall: uid=0
Apr 11 18:18:16 doloresdc cifs.upcall: creduid=0
Apr 11 18:18:16 doloresdc cifs.upcall: user=root
Apr 11 18:18:16 doloresdc cifs.upcall: pid=4459
Apr 11 18:18:16 doloresdc cifs.upcall: find_krb5_cc: considering
/tmp/krb5cc_0
Apr 11 18:18:16 doloresdc cifs.upcall: find_krb5_cc: FILE:/tmp/krb5cc_0
is valid ccache
Apr 11 18:18:16 doloresdc cifs.upcall: handle_krb5_mech: getting service
ticket for doloresdc
Apr 11 18:18:16 doloresdc cifs.upcall: handle_krb5_mech: obtained
service ticket
user steve2, (uid=3000032) goes to his cifs mounted share:
Apr 11 18:19:50 doloresdc cifs.upcall: key description:
cifs.spnego;3000032;20513;3f000000;ver=0x2;host=doloresdc;ip4=192.168.1.100;sec=krb5;uid=0x2dc6e0;creduid=0x2dc6e0;pid=0x1193
Apr 11 18:19:50 doloresdc cifs.upcall: ver=2
Apr 11 18:19:50 doloresdc cifs.upcall: host=doloresdc
Apr 11 18:19:50 doloresdc cifs.upcall: ip=192.168.1.100
Apr 11 18:19:50 doloresdc cifs.upcall: sec=1
Apr 11 18:19:50 doloresdc cifs.upcall: uid=3000032
Apr 11 18:19:50 doloresdc cifs.upcall: creduid=3000032
Apr 11 18:19:50 doloresdc cifs.upcall: pid=4499
Apr 11 18:19:50 doloresdc cifs.upcall: find_krb5_cc: considering
/tmp/krb5cc_3000032_NI8WDi
Apr 11 18:19:50 doloresdc cifs.upcall: find_krb5_cc:
FILE:/tmp/krb5cc_3000032_NI8WDi is valid ccache
Apr 11 18:19:50 doloresdc cifs.upcall: find_krb5_cc: considering
/tmp/krb5cc_0
Apr 11 18:19:50 doloresdc cifs.upcall: find_krb5_cc: /tmp/krb5cc_0 is
owned by 0, not 3000032
Apr 11 18:19:50 doloresdc cifs.upcall: handle_krb5_mech: getting service
ticket for doloresdc
Apr 11 18:19:50 doloresdc cifs.upcall: handle_krb5_mech: obtained
service ticket
but cannot write to it:(
This works OK if I drop the multiuser option but that's no good for us
as we're trying to migrate erm, multiple users from nfs to cifs on our
Linux boxes.
Question: Am I missing a keytab? Does cifs need any keys for the
multiuser option?
Cheers,
Steve
More information about the samba
mailing list