[Samba] Using GPO to mount shares on Linux

Rowland Penny rpenny at samba.org
Thu Oct 26 15:05:22 UTC 2017


On Thu, 26 Oct 2017 16:08:57 +0200
Daniel Carrasco <d.carrasco at i2tic.com> wrote:

> Hello,
> 
> I'm using sssd because works fine, is the first time I join a domain
> with a Linux box and I need an easy and fast guide to make it work.
> SSSD allow me to cache the use credentials and autofs mounts, so if
> domain fails the computer will work without problem.
> 
> Finally is a problem of spn. I've opened the ADSI editor and I've
> added the CIFS name to the list of SPN in shares server and now works
> fine. Both ways works fine (autofs and smbclient).
> 
> Thanks to your comment about SPN (I didn't know what is), I've known
> where to search and a simple way to solve it.
> 
> Can I suggest to add this spn when a Linux member joins the domain?,
> because maybe give problems on other builds that use kerberos to mount
> shares.

It is possible cache the users credentials with winbind, not sure about
autofs.

Whilst the SPN is required for your setup, not everybody uses sssd and
autofs, both of which have nothing to do with Samba.

If you have these lines in a Samba Unix domain member smb.conf:

    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind refresh tickets = Yes

and use 'net ads join -U Administrator' to join the domain, you will get
a keytab created for you, but it will not contain an SPN for cifs, you
will have to added it.

It is Autofs that requires the SPN, so this program should document the
need for the SPN, not Samba, but I am sure you have found out that the
Autofs documentation is abysmal.

Rowland
 



More information about the samba mailing list