[Samba] autofs + cifs + kerberos

Sketch smblist at rednsx.org
Sat Sep 6 08:56:24 MDT 2014

On Sat, 6 Sep 2014, steve wrote:

> On Sat, 2014-09-06 at 03:56 +0800, Sketch wrote:
>> I assumed that using user=cifs, and having the keytab for user cifs in
>> /etc/krb5.keytab would make it use the keytab entry.  In fact, I just
>> tested it and it doesn't matter whether I put user=cifs in the autofs map,
>> I don't see a user= in /proc/mounts.
>> # cat /proc/mounts |grep cifs
>> //fileserver/public/ /share/public cifs rw,relatime,sec=krb5,cache=loose,unc=\\fscluster\public,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1 0 0
>> and the autofs map:
>>    public | -fstype=cifs,sec=krb5,multiuser ://fileserver/public
> mmm. No, that won't work because you haven't specified the user. Try
> creating or nominating a user with rfc2307 attributes to mount the
> share. Add that user to the keytab:
> -fstype=cifs,sec=krb5,username=youruser,multiuser

Yep, that's exactly what I was doing before, I guess I misunderstood your 
last email about using the keytab, I thouhgt you meant without specifying 
the user.  Before I had:

     public | -fstype=cifs,sec=krb5,user=cifs,multiuser ://fileserver/public

...and it still stopped working after a while.  Also, the output of 
/proc/mounts was identical either way.  It always said uid=0 and did not 
mention the user I used in the map.  I assumed that was due to the way the 
multiuser option works.

I did see one difference on the samba server side, though.  When I used 
user=cifs, I saw a mount by user cifs in smbstatus.  Without it, I only 
saw the user accessing the share.

More information about the samba mailing list