Pluess, Tobias
2024-Feb-28 10:56 UTC
[Samba] Samba, Kerberos, Autofs: Shares get disconnected
Hi Rowland, I tried that. As follows: [root at machinename mnt]# kinit -k MACHINENAME$ [root at machinename mnt]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: MACHINENAME$@CAMPUS Valid starting Expires Service principal 02/28/2024 11:50:55 02/28/2024 21:50:55 krbtgt/CAMPUS at CAMPUS renew until 02/29/2024 11:50:55 [root at machinename mnt]# mount -t cifs //server/share /mnt/test -osec=krb5,multiuser,username=MACHINENAME$ mount error(13): Permission denied Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) I don't understand this, as with a personal user account it works. Also the machine itself is member of the group which has access to that particular share. Do I need to configure something else? the server is also a SAMBA server. The fun thing is, with Windows it just works absolutely perfectly. With Linux, I can either not mount (as shown above) or, if I can mount (using a Kerberos ticket from a existing user), I get the funny disconnects. (I recently did a test where I logged in, and let in a terminal run "watch -n1 kinit -R" and then this keeps the ticket much longer than just 10 hours, but after one week disconnects nevertheless.) On Wed, Feb 28, 2024 at 11:02?AM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Wed, 28 Feb 2024 09:02:20 +0100 > "Pluess, Tobias" <tpluess at ieee.org> wrote: > > > Hallo again, > > > > I would like to ask if there exists any possibility to have a Samba > > mount point with multiuser and with a credentials file or something > > similar. > > Yes, mount them from fstab with the machine ticket. > > After your last post, I set up a share on one of my DCs, then mounted > it with the machines ticket via fstab on another DC (they are the only > computers that run 24/7) and 16 days later, the share is still up! > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland Penny
2024-Feb-28 11:18 UTC
[Samba] Samba, Kerberos, Autofs: Shares get disconnected
On Wed, 28 Feb 2024 11:56:13 +0100 "Pluess, Tobias via samba" <samba at lists.samba.org> wrote:> Hi Rowland, > > I tried that. As follows: > > > > [root at machinename mnt]# kinit -k MACHINENAME$Fairly sure I have said this already, but if I haven't, I will say it now: Do not use kinit to get the machines kerberos ticket, winbind has already acquired one for you.> [root at machinename mnt]# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: MACHINENAME$@CAMPUS > > Valid starting Expires Service principal > 02/28/2024 11:50:55 02/28/2024 21:50:55 krbtgt/CAMPUS at CAMPUS > renew until 02/29/2024 11:50:55 > [root at machinename mnt]# mount -t cifs //server/share /mnt/test > -osec=krb5,multiuser,username=MACHINENAME$ > mount error(13): Permission denied > Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) > > > I don't understand thisI do. Lets look at this line from your klist output: Ticket cache: FILE:/tmp/krb5cc_0 The number(s) after the '_' is the Unix ID of the owner. Now we all know who '0' is (at least I hope we do) ;-) I do not have a kerberos ticket for the machine in /tmp , but the share is still mounted. Rowland