[Samba] Pam_mount not working with "sec=krb5"

L.P.H. van Belle belle at bazuin.nl
Wed Nov 4 16:55:24 UTC 2015

Im 1000% sure..  :-) 

The server names are ready different. 
Like print1 and member1 
I login with putty and test from my pc in my own home drive. 
It is ready as the below getfacl shows. 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens buhorojo
> Verzonden: woensdag 4 november 2015 17:34
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Pam_mount not working with "sec=krb5"
> On 04/11/15 16:50, L.P.H. van Belle wrote:
> >> However, I have two objections at first glance:
> >> a) if you remove AD access for an AD user, this user can't mount samba
> >> shares, because he won't get authenticated correctly (on the Samba file
> >> server sharing the homes), no?
> > Looks correct to me what your saying,
> > But how are you removing ad access from an AD user?
> Only users in the realm or with trust will be able:
> 1. authenticate
> 2. use the resultant ticket to request access to the file server
> Also remember that root is not in the realm;)
> >
> >> b) if you use NFS, and I tried that, and a user creates subfolders and
> >> files in his nfs-mounted home share, these subcontainers won't have the
> >> correctly inherited Windows ACLs (ergo problems with these shares when
> >> accessing them from Windows AD clients)
> >>
> > Strange, this works for me correct in the home folder.
> >
> > Test1 : login on a server with a NFS mounted homedir nsfV4 kerberos
> mounted.
> > If i create a folder from a ssh shell access, with a kerberos
> authenticated user. ( for me a user who does not type its password on ssh
> access )
> Are you sure you are accessing the nfs mounted share on the server and
> not the share itself? If you are setting the acl from windows on the
> parent directory, it will not translate correctly across nfs4 unless you
> have set the acl yourself using the (highly intuitive) nfs4_setfacl. At
> least several hours of trying later and failing before we went cifs
> where the acls just work.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list