[Samba] autofs + cifs + kerberos

steve steve at steve-ss.com
Fri Sep 5 13:20:06 MDT 2014

On Sat, 2014-09-06 at 03:03 +0800, Sketch wrote:
> On Sat, 6 Sep 2014, Sketch wrote:
> > On Fri, 5 Sep 2014, steve wrote:
> >
> >>  The problem is that $USER needs to be in the keytab so either add keys
> >>  of anyone you think may need to share, or work around it.
> > ...
> >>  where cifsuser is the minimalist user. The cifs upcall takes care of the
> >>  rest. Make sure you have a recent cifs-utils and that keyutils is
> >>  populated correctly.
> >
> > Doesn't autofs+mount.cifs already use cifs.upcall to read the mounting user's 
> > credential cache in /tmp when using sec=krb5 without multiuser? If that's the 
> > case, it doesn't seem like switching to multiuser would change anything.
> Looks like I was right.  Switching to multiuser had no effect.  After a 
> while, I get the same errors in the log and it's unable to mount.  When it 
> was working, I could see from smbstatus that it did connect to the samba 
> server with the cifs user I created.
> Sep  5 13:32:29 test kernel: CIFS VFS: Send error in SessSetup = -128
> Sep  5 13:32:29 test kernel: CIFS VFS: cifs_mount failed w/return code = -128

It depends how you mount the share. If you are still relying on user
caches with user=, I doubt whether they will be owned by root. Have you
tried the keytab method? That way they will be owned by root and the
automounter will use them.
