samba - Feb 2024 - Samba, Kerberos, Autofs: Shares get disconnected

On Wed, 7 Feb 2024 10:34:15 +0100
Kees van Vloten via samba <samba at lists.samba.org> wrote:
> 
> Op 07-02-2024 om 10:11 schreef Pluess, Tobias:
> > Hi Kees,
> >
> > I do not think the share keeps being mounted while nobody is logged 
> > in, as I try to use autofs which only mounts shares when they are 
> > actually accessed.
> > So the scenario is
> >
> > a) some user logs into his workstation, Kerberos ticket is created
> > b) the user accesses the share, works fine
> > c) user does not switch off PC, e.g. because some programs need to 
> > continue running during the weekend
> > d) when user returns after more than 10 hours have passed, he is
> > still logged into his workstation, but the ticket is expired and he
> > cannot any more access the share, and autofs cannot remount it, as
> > the ticket has expired.
> >
> > How do I use the machine account for mounting?
> 
> For me there are 2 questions here:
> 
> 1. Why does the user ticket expire while he is logged in?
> 
> 2. How to mount the share with the machine account?
> 
> ad. 1. I had a similar issue in 03-2022, read the details and
> solution here:
> https://lists.samba.org/archive/samba/2022-March/239876.html
> 
> ad. 2. @Rowland, do you have the details at hand for this? I will
> look into it when unix-extensions for smb3.11 are implemented. The
> idea is to use the machine account's user and ticket, then the ticket
> is managed by winbind.
> 
I think the problem here is the word 'autofs', which I presume was
originally short for 'automatic filesystem' or mount when required.

Now if you want the share to be permanent (or as permanent as possible),
how to mount it ?
How are your HDD's mounted ?
In fstab, need I say more ?

Rowland

Op 07-02-2024 om 11:34 schreef Rowland Penny via samba:
> On Wed, 7 Feb 2024 10:34:15 +0100
> Kees van Vloten via samba <samba at lists.samba.org> wrote:
>
>> Op 07-02-2024 om 10:11 schreef Pluess, Tobias:
>>> Hi Kees,
>>>
>>> I do not think the share keeps being mounted while nobody is logged
>>> in, as I try to use autofs which only mounts shares when they are
>>> actually accessed.
>>> So the scenario is
>>>
>>> a) some user logs into his workstation, Kerberos ticket is created
>>> b) the user accesses the share, works fine
>>> c) user does not switch off PC, e.g. because some programs need to
>>> continue running during the weekend
>>> d) when user returns after more than 10 hours have passed, he is
>>> still logged into his workstation, but the ticket is expired and he
>>> cannot any more access the share, and autofs cannot remount it, as
>>> the ticket has expired.
>>>
>>> How do I use the machine account for mounting?
>> For me there are 2 questions here:
>>
>> 1. Why does the user ticket expire while he is logged in?
>>
>> 2. How to mount the share with the machine account?
>>
>> ad. 1. I had a similar issue in 03-2022, read the details and
>> solution here:
>> https://lists.samba.org/archive/samba/2022-March/239876.html
>>
>> ad. 2. @Rowland, do you have the details at hand for this? I will
>> look into it when unix-extensions for smb3.11 are implemented. The
>> idea is to use the machine account's user and ticket, then the
ticket
>> is managed by winbind.
>>
> I think the problem here is the word 'autofs', which I presume was
> originally short for 'automatic filesystem' or mount when required.
>
> Now if you want the share to be permanent (or as permanent as possible),
> how to mount it ?
> How are your HDD's mounted ?
> In fstab, need I say more ?
>
> Rowland
Indeed /etc/fstab is probably the most logical place. The question 
remains what mount options are required to make this work with the 
machine account and would such a mount allow multi-user access given 
that each user has sufficient permissions?

Now that I am writing that: "sufficient permissions" implies that the 
user has a valid ticket. In other words question 1 needs? to be 
addressed for this to work as well.

- Kees.
>
>