[Samba] User home directory UID:GID incorrect on VM Samba 4 AD client
steve
steve at steve-ss.com
Tue Oct 29 15:55:08 MDT 2013
On Tue, 2013-10-29 at 15:39 -0600, Paul R. Ganci wrote:
> On 10/24/2013 10:05 PM, Paul R. Ganci wrote:
> > Hmmmm ... it appears I was mistaken about the cifs automount working.
> > Not sure what I did wrong. Unfortunately my real job is getting in the
> > way of my looking into the problem at the moment. For now I will just
> > live with the nfs mount and will go back to sorting this problem over
> > the weekend. I really want to set up the AD backend first then can
> > deal with cifs automount issue. I will be happy to do some speed
> > analysis then.
> >
> I successfully switched all my clients over to using the samba 4 AD
> back-end with sssd. Other than getting PAM to cooperate the changeover
> was pretty smooth actually. The only issue that I seem to have now is
> with the automount of the user home directory. If I use:
>
> > cat /etc/auto.home
> #
> # File: /etc/auto.home
> #
> # nfs automount
> * -acl nikita.myhome.nurdog.com:/home/&
>
> Everything is fine. However if I use:
>
> > cat /etc/auto.home
> #
> # File: /etc/auto.home
> #
> # cifs automount
> * -fstype=cifs,sec=krb5,multiuser,username=NAS$ ://nikita.myhome.nurdog.com/home/&
>
> the automount fails. I find this entry in the logs on nas
>
> Oct 29 15:12:33 nas kernel: CIFS VFS: cifs_mount failed w/return code = -22
>
> but nothing on the AD nikita. Not really a big deal as I am quite happy
> to use a nfs mount but on the other hand I can't find anything on the
> internet that seemed pertinent to my situation. I really hate it when I
> don't understand behavior. Does anyone have a suggestion?
OK. Common problem. It doesn't like the machine key.
- What does klist -ke look like on nas?
- What do you have for cifs.upcall in /etc/requestkey.conf?
Now,
Try extracting the key for a real domain user (in this example,
cifsuser) and add that to the keytab on nas:
cd /etc
ktutil: addent -password -p cifsuser@HH3.SITE -k 1 -e arcfour-hmac
Password for cifsuser@HH3.SITE
ktutil: wkt krb5.keytab
ktutil: quit
Replace NAS$ with cifsuser in the map.
If that works, now give cifsuser minimal privileges such as a loginShell
of /bin/false.
HTH
Steve
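
An added example, not part of Steve's message or of any Samba code: a shell check that the username= in a cifs autofs map entry has a matching principal in `klist -ke` output, which is the first thing the questions above ask about. The function names, the sample map and the sample keytab listing are constructed assumptions; HH3.SITE is the example realm from the message.

```sh
#!/bin/sh
# Constructed sample data: a map entry in the thread's layout and a keytab
# listing in the layout printed by MIT `klist -ke`.
MAP='# cifs automount
* -fstype=cifs,sec=krb5,multiuser,username=cifsuser ://nikita.myhome.nurdog.com/home/&'
KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------
   1 cifsuser@HH3.SITE (arcfour-hmac)'

# Read an autofs map on stdin; print username= from the first cifs entry.
map_cifs_user() {
    awk '!/^[[:space:]]*#/ && /fstype=cifs/ {
        n = split($2, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^username=/) {
                sub(/^username=/, "", opt[i]); print opt[i]; exit
            }
    }'
}

# Read `klist -ke` output on stdin; print "principal enctype" per key.
keytab_entries() {
    awk '$1 ~ /^[0-9]+$/ {
        gsub(/[()]/, "", $3)
        sub(/^DEPRECATED:/, "", $3)   # prefix shown by some newer MIT builds
        print $2, $3
    }'
}

# check_map_user MAP_TEXT KLIST_TEXT REALM
# 0: principal found (enctypes printed); 1: missing; 2: no cifs username in map.
check_map_user() {
    user=$(printf '%s\n' "$1" | map_cifs_user)
    [ -n "$user" ] || { echo "no cifs username= in map"; return 2; }
    princ="${user}@${3}"   # principals are case-sensitive: exact match only
    found=$(printf '%s\n' "$2" | keytab_entries |
        awk -v p="$princ" '$1 == p { s = s (s ? "," : "") $2 } END { print s }')
    [ -n "$found" ] || { echo "MISSING $princ"; return 1; }
    echo "OK $princ $found"
}

check_map_user "$MAP" "$KLIST" HH3.SITE
```

On a real client, feed it the live data instead of the samples: `check_map_user "$(cat /etc/auto.home)" "$(klist -ke)" YOUR.REALM`.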