[Samba] autofs + cifs + kerberos
steve
steve at steve-ss.com
Fri Sep 5 23:23:52 MDT 2014
On Sat, 2014-09-06 at 03:56 +0800, Sketch wrote:
> On Fri, 5 Sep 2014, steve wrote:
>
> > It depends how you mount the share. If you are still relying on user
> > caches with user=, I doubt whether they will be owned by root. Have you
> > tried the keytab method? That way they will be owned by root and the
> > automounter will use them.
>
> I assumed that using user=cifs, and having the keytab for user cifs in
> /etc/krb5.keytab would make it use the keytab entry. In fact, I just
> tested it and it doesn't matter whether I put user=cifs in the autofs map,
> I don't see a user= in /proc/mounts.
>
> # cat /proc/mounts |grep cifs
> //fileserver/public/ /share/public cifs rw,relatime,sec=krb5,cache=loose,unc=\\fscluster\public,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=10.10.20.80,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1 0 0
>
> and the autofs map:
> public | -fstype=cifs,sec=krb5,multiuser ://fileserver/public
mmm. No, that won't work because you haven't specified the user. Try
creating or nominating a user with rfc2307 attributes to mount the
share. Add that user to the keytab:
-fstype=cifs,sec=krb5,username=youruser,multiuser
More information about the samba
mailing list