[Samba] Accessing multiple Active Directory accounts simultaneously from a single Linux server

Andy Liebman andyliebman at aol.com
Sun Nov 3 20:33:59 MST 2013

Hi again, sorry for the noise.  Solved my own problem. 

Doing the following allows me to mount Storage Server shares from any Linux server:

-- sudo kinit user1
-- enter user1's password
-- sudo mount -t cifs //FQDN_of_StorageServer/ShareName   /path/to/mountpoint   -o rw,noperm,sec=krb5,domain=mydomain

However, I can see that trying to do this for multiple different users on the same Linux server could be complicated.  Can you "switch users" by going through another "kinit" command to a different user? I have tried it and it seems to work sometimes, but other times when I switch users with a new "kinit" I get a message "Cannot allocate memory".  I am also worried that there will be confusion about what user has mounted the share because that is important. 

It seems it would be better to NOT use Kerberos from the Linux server but instead use NTLMv2.  NTLMv2 is enabled in my smb.conf file but if I try to mount a share as follows: 

-- sudo mount -t cifs //FQDN_of_StorageServer/ShareName  /path/to/mountpoint   -o,rw,noperm,sec=ntlmv2,username=user1,password={his password} 

I get back "mount error(13):  Permission denied".   Is it possible to use NTLM here instead of Kerberos? 

-- Andy

To mount with NTLMv2 authentication, I had to make two changes: 

1.  The Storage Server somehow had lost its connection with the domain.  It's strange, because using Kerberos authentication, I was able to mount shares from a remote Linux box.  However, using NTLMv2, I was getting messages in the logs about "NT_STATUS_NO_LOGON_SERVERS"  and "net ads info" and "net ads testjoin" were both showing the same.  Running "net ads join -U {authorized user}" fixed that again.  Have to investigate why. 

2.  Once the above problem was fixed, I was able to mount by NTLMv2 with the following commands: 

sudo mount -t cifs //Fully_Qualified_Domain_Name_of_Storage_Server/ShareName  /mount/point  -o username=MYDOMAIN/andyl,password={andyl's password},sec=ntlmv2,rw,noperm

The above command also worked with the IP Address instead of the FQDN. 
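
Added example, not part of the original message: the NTLMv2 mount above puts the password in `-o password=...`, where it is visible in the process list and shell history; mount.cifs also accepts `credentials=<file>`. The sketch below writes one root-only credentials file per account and prints the matching mount command with the options used above. `CRED_DIR`, `write_cifs_creds` and `cifs_mount_cmd` are hypothetical names, and the server, share and mount point are placeholders.

```shell
#!/bin/sh
# Added sketch: per-account CIFS credentials files instead of password= in argv.
# CRED_DIR and both function names are made up for this example.

CRED_DIR="${CRED_DIR:-/etc/cifs-creds}"

# write_cifs_creds USER DOMAIN
# Reads the password from stdin (never from argv) and prints the file path.
write_cifs_creds() {
    user=$1 domain=$2
    # Reject empty values and anything that could break the path or the
    # key=value file format (slashes, spaces, newlines, ...).
    for v in "$user" "$domain"; do
        case $v in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid user or domain" >&2
                return 1 ;;
        esac
    done
    IFS= read -r password || true
    [ -n "$password" ] || { echo "empty password" >&2; return 1; }
    file="$CRED_DIR/$domain.$user"
    (
        umask 077    # new directory is 0700, new file is 0600
        mkdir -p "$CRED_DIR" &&
        printf 'username=%s\npassword=%s\ndomain=%s\n' \
            "$user" "$password" "$domain" > "$file"
    ) || return 1
    printf '%s\n' "$file"
}

# cifs_mount_cmd USER DOMAIN //server/share MOUNTPOINT
# Prints (does not run) the mount command that references the credentials
# file; sec=ntlmv2,rw,noperm are the options from the message above.
cifs_mount_cmd() {
    printf 'mount -t cifs %s %s -o credentials=%s,sec=ntlmv2,rw,noperm\n' \
        "$3" "$4" "$CRED_DIR/$2.$1"
}

# Usage (as root), one mount point per account:
#   write_cifs_creds andyl MYDOMAIN      # type the password, press Enter
#   $(cifs_mount_cmd andyl MYDOMAIN //server.example/ShareName /mnt/andyl)
```

Using a separate credentials file and mount point for each account also keeps it unambiguous which account a given mount was made with.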

