Re: how to automount a kerberos cifs share

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/13/2012 11:30 PM, Gaiseric Vandal wrote:
On 06/13/12 17:08, steve wrote:
On 13/06/12 21:10, Gaiseric Vandal wrote:
How about if you use NFS v4 with kerberos instead of CIFS?



On 06/13/12 14:58, steve wrote:
Hi

I have an automount map:
* -fstype=cifs,sec=krb5 ://server/share/&

It works fine, but only if Administrator has tickets. I can't do that
on every client!

Is there any way I can store the Administrator key in a keytab and use
that? Or any other solution?

Cheers,
Steve

Hi Gaiseric
Yes, that would be perfect as we are using kerberized nfs3 for
everything else.

The problem with nfs4 is that you can't have group rw shares and also
there is no document locking between libreoffice and m$office:-(

This particular share _has_ to be cifs.
Thanks,
Steve

What OS are you running?
openSUSE 12.1, also tested with the same behavior on Ubuntu LTS
  My experience is that Solaris backported
kerberos to nfs v3 but that linux requires nfs v4 for kerberos.    NFS
talks to GSS  which in turn talks to Kerberos.
No. Kerberos works fine with nfs3 on Linux. We have to use v3 due to the (poorly designed) nfs4 acl's.
    autofs runs as root so
with nfs  you would add creds to the local keytab for root  to make that
work.
tracing with gssd -fvvv it seems that it looks in the keytab (ours is at /etc/krb5.keytab), finds the machine key and mounts the share.
   No   I take it autofs on linux works with more than just NFS.

Yep. It works fine with cifs too. We just need a way of getting it to automount without having to give the Administrator password.

IOW, the equivalent of nfs but for cifs. How to get cifs to look at a keytab. . .
Cheers and thanks for your tine,
Steve

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Index of Archives]     [Info Cyrus]     [LARTC]     [Bugtraq]     [Netfilter]     [RAID]     [Trinity TED Users]     [Yosemite News]
  Powered by Linux