[Samba] getting ERROR: failed to setup guest info. But I cannot setup a guest account due to security policies

steve steve at steve-ss.com
Tue Nov 12 11:39:48 MST 2013


On Tue, 2013-11-12 at 13:27 -0500, Jon West wrote:
> Sure, its a single windows share that's hosted on a windows machine
> thats a part of an AD domain. This can be done by typing in the user
> ADusername and ADpassword as the username and password arguments in
> the mount commad (mount -t cifs blah blah blah -o username=username
> password=password blah blah blah) But due to security policy we can't
> have people typing out their passwords in plaintext on the screen and
> I can't have a password file to look up to store those passwords, plus
> it would be annoying to have to go and change the file every time a
> user changes their domain password. What I would like to happen is for
> the user to just be able to type "mount -t
> cifs //server/share /localdir" I can't have the domain passwords
> displayed in plain text or transmitted in plain text
> 

OK. We'll automount it whenever the user goes to the share. No passwords
or usernames. All Kerberos.

AD hostname adserver
Share that needs mounting someplace (could be c:\users\jon\someplace)
Mount point on client /home/someplace

/etc/auto.master
/home /etc/auto.someplace

/etc/auto.someplace
someplace -fstype=cifs, sec=krb5,username=MACHINE
$,multiuser ://adserver/someplace

We'll need to know the cifs.upcall config in:
/etc/request-key.conf

Make sure autofs and cifs-utils are installed and that /home/someplace
does not exist.
fire up autofs and have a look at the output of mount

Now login as a domain user and go to /home/someplace

Any problems: tail -28 /var/log/messages
just after you attempt the mount.

HTH
Steve



> 
> 
> On Tue, Nov 12, 2013 at 1:17 PM, steve <steve at steve-ss.com> wrote:
>         On Tue, 2013-11-12 at 18:06 +0000, Rowland Penny wrote:
>         > On 12/11/13 18:04, steve wrote:
>         > > On Tue, 2013-11-12 at 12:57 -0500, Jon West wrote:
>         > >> You are correct, only want to authenticate  with AD
>         credentials, also
>         > >> want to be able to mount a windows share (from the native
>         windows
>         > >> machine) on the linux machine without having to type in
>         domain
>         > >> credentials at each time of mount or have the passwords
>         stored in
>         > >> plaintext on the linux machine
>         > >>
>         > > **posts are crossing. I'll shut up until we sync.
>         > > Steve
>         > >
>         > >
>         > No, I'll shut up, you tell him about Autofs
>         >
>         > Rowland
>         >
>         
>         
>         LOL. Putting on autofs hat! Let's make a start. this could be
>         a long
>         one. . .
>         
>         Will need to know what needs mounting. @Jon can you give us a
>         bit more
>         detail of the stuff you need cifs-ing over to the Red Hat
>         clients? Or
>         maybe you'd be satisfied with a permanent fstab mount?
>         Cheers,
>         Steve
>         
>         
> 
> 




More information about the samba mailing list