[Samba] autofs + cifs + kerberos

Sketch smblist at rednsx.org
Sat Sep 6 08:56:24 MDT 2014


On Sat, 6 Sep 2014, steve wrote:

> On Sat, 2014-09-06 at 03:56 +0800, Sketch wrote:
>> I assumed that using user=cifs, and having the keytab for user cifs in
>> /etc/krb5.keytab would make it use the keytab entry.  In fact, I just
>> tested it and it doesn't matter whether I put user=cifs in the autofs map,
>> I don't see a user= in /proc/mounts.
>>
>> # cat /proc/mounts |grep cifs
>> //fileserver/public/ /share/public cifs rw,relatime,sec=krb5,cache=loose,unc=\\fscluster\public,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=10.10.20.80,unix,posixpaths,serverino,acl,noperm,rsize=1048576,wsize=65536,actimeo=1 0 0
>>
>> and the autofs map:
>>    public | -fstype=cifs,sec=krb5,multiuser ://fileserver/public
>
> mmm. No, that won't work because you haven't specified the user. Try
> creating or nominating a user with rfc2307 attributes to mount the
> share. Add that user to the keytab:
>
> -fstype=cifs,sec=krb5,username=youruser,multiuser

Yep, that's exactly what I was doing before, I guess I misunderstood your
last email about using the keytab, I thought you meant without specifying
the user.  Before I had:

     public | -fstype=cifs,sec=krb5,user=cifs,multiuser ://fileserver/public

...and it still stopped working after a while.  Also, the output of 
/proc/mounts was identical either way.  It always said uid=0 and did not 
mention the user I used in the map.  I assumed that was due to the way the 
multiuser option works.

I did see one difference on the samba server side, though.  When I used 
user=cifs, I saw a mount by user cifs in smbstatus.  Without it, I only 
saw the user accessing the share.
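
An added example, not part of the original message: a small Python parser that pulls cifs entries out of /proc/mounts and reports the options discussed in this thread (sec=, multiuser, uid=, and whether any user=/username= option is listed). The sample line is the one quoted above; the function names are illustrative.

```python
import re

# Line copied from the /proc/mounts output quoted in the message above.
SAMPLE = (r"//fileserver/public/ /share/public cifs rw,relatime,sec=krb5,"
          r"cache=loose,unc=\\fscluster\public,multiuser,uid=0,noforceuid,"
          r"gid=0,noforcegid,addr=10.10.20.80,unix,posixpaths,serverino,acl,"
          r"noperm,rsize=1048576,wsize=65536,actimeo=1 0 0")


def _unescape(field):
    # /proc/mounts writes space, tab and newline in paths as \040, \011, \012.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_cifs_mounts(text):
    """Return one dict per cifs mount found in /proc/mounts-style text."""
    mounts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] != "cifs":
            continue
        opts = {}
        for item in parts[3].split(","):
            key, sep, value = item.partition("=")
            opts[key] = value if sep else True  # bare flags become True
        mounts.append({"source": _unescape(parts[0]),
                       "target": _unescape(parts[1]),
                       "opts": opts})
    return mounts


def summarize(mount):
    """Pick out the options this thread is about."""
    opts = mount["opts"]
    return {"target": mount["target"],
            "sec": opts.get("sec"),
            "multiuser": "multiuser" in opts,
            "uid": opts.get("uid"),
            "username_shown": "username" in opts or "user" in opts}


if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the quoted line when not on Linux
    for m in parse_cifs_mounts(text):
        print(summarize(m))
```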
