Ok, so I started with a clean slate. Same thing, only works if I add
the computer account to Domain Users. smbd Version 4.15.13-Ubuntu
root at u2cli:~# getent passwd CARLSON\\peter
CARLSON\peter:*:2001107:2000513::/home/peter@CARLSON:/bin/bash
root at u2cli:~# mkdir -m 1777 /mnt/test
root at u2cli:~# kinit -V -k U2CLI$
Using default cache: /tmp/krb5cc_0
Using principal: U2CLI$@CARLSON.LAB
Authenticated to Kerberos v5
root at u2cli:~# mount -t cifs //fs1.carlson.lab/test /mnt/test -o sec=krb5,username=U2CLI$,multiuser
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
root at u2cli:~# reboot
root at u2cli:~# mount -t cifs //fs1.carlson.lab/test /mnt/test -o sec=krb5,username=U2CLI$,multiuser
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
------------ add U2CLI to Domain Users ------------------
root at u2cli:~# mount -t cifs //fs1.carlson.lab/test /mnt/test -o sec=krb5,username=U2CLI$,multiuser
root at u2cli:~# mount | grep fs1
//fs1.carlson.lab/test on /mnt/test type cifs (rw,relatime,vers=3.1.1,sec=krb5,cruid=0,cache=strict,multiuser,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.52,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,noperm,rsize=4194304,wsize=4194304,bsize=1048576,echo_interval=60,actimeo=1,closetimeo=1)
root at u2cli:~#
------------------ Full History -------------------------
    1  apt update && apt upgrade
    2  apt install htop qemu-guest-agent mlocate
    3  apt install acl attr samba winbind libpam-winbind libnss-winbind krb5-config krb5-user dnsutils python3-setproctitle smbclient cifs-utils
    4  vi /etc/hosts
    5  cat > /etc/samba/smb.conf
    6  cat > /etc/krb5.conf
    7  net ads join -U peter
    8  pam-auth-update
    9  systemctl restart smbd.service nmbd.service winbind.service
   10  wbinfo --ping-dc
   11  getent passwd CARLSON\\peter
   12  history
   13  getent passwd CARLSON\\peter
   14  vi /etc/nsswitch.conf
   15  getent passwd CARLSON\\peter
   16  mkdir -m 1777 /mnt/test
   17  kinit -V -k U2CLI$
   18  mount -t cifs //fs1.carlson.lab/test /mnt/test -o sec=krb5,username=U2CLI$,multiuser
   19  reboot
   20  mount -t cifs //fs1.carlson.lab/test /mnt/test -o sec=krb5,username=U2CLI$,multiuser
   21  mount | grep fs1
   22  history
--------------- Configs ---------------------------------
root at u2cli:~# cat /etc/samba/smb.conf
[global]
server string = %h server (Samba, Ubuntu)
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d
kerberos method = secrets and keytab
realm = CARLSON.LAB
workgroup = CARLSON
template homedir = /home/%U@%D
template shell = /bin/bash
security = ads
idmap config CARLSON : range = 2000000-2999999
idmap config CARLSON : backend = rid
idmap config * : range = 10000-999999
idmap config * : backend = tdb
vfs objects = acl_xattr
map acl inherit = yes
winbind use default domain = no
winbind refresh tickets = yes
winbind offline logon = yes
winbind enum groups = no
winbind enum users = no
apply group policies = yes
root at u2cli:~#
root at u2cli:~#
root at u2cli:~# cat /etc/krb5.conf
[libdefaults]
    default_realm = CARLSON.LAB
    dns_lookup_realm = false
    dns_lookup_kdc = true
root at u2cli:~#
root at u2cli:~#
root at u2cli:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd:         files winbind systemd
group:          files winbind systemd
shadow:         files
gshadow:        files
hosts:          files dns
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis