[Samba] permission denied with windows acls

Rowland Penny rpenny at samba.org
Sat Jan 27 11:19:33 UTC 2024 

On Fri, 26 Jan 2024 12:27:52 -0800
Peter Carlson via samba <samba at lists.samba.org> wrote:

> 
> On 1/26/24 09:34, Peter Carlson via samba wrote:
> >
> > On 1/26/24 02:35, Rowland Penny via samba wrote:
> >> On Thu, 25 Jan 2024 18:45:52 -0800 Peter Carlson via samba 
> >> <samba at lists.samba.org> wrote:
> >>> The share mounts and I am a member of the correct groups 
> >>> CARLSON\peter at u2gui:~$ cat /etc/fstab //fs.carlson.lab/test 
> >>> /mnt/test cifs 
> >>> credentials=/root/smbcreds,multiuser,sec=ntlmssp,_netdev 0 0 
> >> I think that could be part of your problem, even though you are
> >> using 'multiuser', you are mounting as root. try reading 'man
> >> mount.cifs' and pay particular attention to 'sec=krb5' and
> >> 'multiuser', that way you will not require a password. Rowland 
> > ok I am a bit confused on mounting using service tickets and krb5.
> > I created the ticket on the client linux machine:
> >
> >    root at u2gui:~# kinit -k U2GUI$
> >    root at u2gui:~# klist
> >    Ticket cache: FILE:/tmp/krb5cc_0
> >    Default principal: U2GUI$@CARLSON.LAB
> >
> >    Valid starting       Expires              Service principal
> >    01/26/2024 09:13:19  01/26/2024 19:13:19 
> > krbtgt/CARLSON.LAB at CARLSON.LAB
> >         renew until 01/27/2024 09:13:18
> >
> > and the fstab:
> >
> >    //fs.carlson.lab/test /mnt/test cifs
> >    vers=3.0,multiuser,sec=krb5,_netdev 0 0
> >
> >
> ok, I did figure out the required key not available, but now it's 
> permission denied
> 
>     root at u2gui:~# mount -a
>     mount error(13): Permission denied
> 
> The logs seem to indicate that it is trying to connect as user u2gui.
>  I thought it mounted with a service account?
> 
> 

You are close, but are missing a parameter, try opening a terminal on
u2gui (which I take it is the hostname for the domain joined client you
are trying to mount the share to). Then type this:

sudo mount -t cifs //fs.carlson.lab/test /mnt/test -o
sec=krb5,username=U2GUI$,multiuser

Now go and look at /mnt/test

Rowland

More information about the samba mailing list