similar to: Samba4 Does cifs need a keytab for the multiuser option?

Hello, On Debian 9 (stretch prerelease) I am able to mount with the following command with root using the following command: mount -t cifs //smb.physics.wisc.edu/smb /smb -osec=krb5,multiuser,username=smbadmin at PHYSICS.WISC.EDU --verbose root can also access files as expected However, when cifs-utils 6.6-5 is installed, a different user cannot access as expected: ls /smb ls: cannot

Hi, I am trying to mount fileserver (samba, 10.20.30.16) shares on a linux domain member server, where I logged on via ssh using AD my credentials. I am unable to get past the "mount error(126): Required key not available" error message. I have read and googled a lot, and could use some help. See this: > domainuser at memberserver-45:~$ sudo tail -f /var/log/debug & >

Chad William Seys via samba <samba at lists.samba.org> writes: > But when cifs-utils 6.4-1 is installed (from jessie) the different > user can access as expect. AFAIK there are no other differences besides > the cifs-utils version. Not counting any distro-specific patches it seems cifs.upcall only had 5 commits affecting it between these 2 releases: $ git log

Hi list, I joined a workstation (Debian 10, Samba from distribution) to our AD domain (Windows 2012 Server). The domain ends by ".local" (yes I know, not my fault). However, after a domain user logged to the machine, I can't mount a share that exists on the AD server using user's kerberos ticket: it fails with error "Required key not available". Mounting using

Hi I have a s3 fileserver joined to a s4 DC Here is smb.conf on the fileserver: [global] workgroup = HH3 realm = HH3.SITE security = ADS kerberos method = system keytab winbind enum users = Yes winbind enum groups = Yes idmap config *:backend = tdb idmap config *:range = 3000-4000 idmap config HH3:backend = ad idmap config HH3:range = 20000-40000000 idmap config HH3:schema_mode = rfc2307 winbind

After re-join kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k samba-tool delegation for-any-service COMPUTERNAME$ on ( or use : delegation add-service accountname principal [options] ) Reboot Should work now. ;-) Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Yvan

On Thu, 25 Jan 2024 18:45:52 -0800 Peter Carlson via samba <samba at lists.samba.org> wrote: > I am getting a permission denied when trying to ls as a domain user a > samba mount with windows ACLs (sigh I thought I had this figured > out). I tried to include self descriptive server names and include > them in the info below (fs1: file server, nc: addc, u2gui: ubuntu >

Am 02.11.2015 um 15:10 schrieb buhorojo: > On 02/11/15 14:42, Ole Traupe wrote: >> >> Am 02.11.2015 um 13:12 schrieb buhorojo: >>> On 02/11/15 12:54, Ole Traupe wrote: > >>> Why can't the user do it with his own key file? > Only root can perform mounts and anyway, Right, sorry. > cifs upcall looks for a key, not a cache. So you just _have_ to use the

Hai Mourik-Jan, Beste wensen he ;-) Lets start here.. A and PTR record exists for both servers? Does CIFS/spn and root/spn exist in the AD? In krb5.conf, set these : ; not used for nfs4 but cifs might need it. ; for Windows 2003 ; default_tgs_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; default_tkt_enctypes = rc4-hmac des-cbc-crc des-cbc-md5 ; permitted_enctypes = rc4-hmac

Did you "deleated the computer object" to allow kerberos services. And did you add the CIFS/spn to the computer and keytab ? https://wiki.samba.org/index.php/Generating_Keytabs If its a member, which i assume. kinit Administrator net ads keytab add cifs/$(hostname -f) -k net ads keytab add_update_ads -k Add these and it should work. You might need to restart or reboot., sometimes

Thanks for your help! Le 09/03/2020 ? 15:39, L.P.H. van Belle via samba a ?crit?: > Did you "deleated the computer object" to allow kerberos services. > And did you add the CIFS/spn to the computer and keytab ? > I am sorry, I don't really understand the above: mount requires a keytab AND a user ticket? > https://wiki.samba.org/index.php/Generating_Keytabs > >

On 1/26/24 02:35, Rowland Penny via samba wrote: > On Thu, 25 Jan 2024 18:45:52 -0800 Peter Carlson via samba > <samba at lists.samba.org> wrote: >> The share mounts and I am a member of the correct groups >> CARLSON\peter at u2gui:~$ cat /etc/fstab //fs.carlson.lab/test /mnt/test >> cifs credentials=/root/smbcreds,multiuser,sec=ntlmssp,_netdev 0 0 > I think

On 02/11/15 15:51, Ole Traupe wrote: > > > Am 02.11.2015 um 15:10 schrieb buhorojo: >> On 02/11/15 14:42, Ole Traupe wrote: >>> >>> Am 02.11.2015 um 13:12 schrieb buhorojo: >>>> On 02/11/15 12:54, Ole Traupe wrote: >> >>>> Why can't the user do it with his own key file? >> Only root can perform mounts and anyway, > Right,

Hi guys, This seems to be a well-known problem with mount.cifs on Ubuntu 12.04. Unfortunately, although I have applied the suggestions I found with google, I can't seem to be able to get mount.cifs to work with kerberos. I am trying to use kerberos to mount my Windows shares because this is the only allowed secure way in my company to connect to shares. Before anyone asks, I can successfully

Am 02.11.2015 um 13:12 schrieb buhorojo: > On 02/11/15 12:54, Ole Traupe wrote: >> Hi all, this is not really a Samba question, but related, and I hope >> that some of you are using this and can tell me what I am doing wrong. >> >> On a member server, I can mount my shares by hand specifying "-o >> username=xxx,domain=yyy,password=zzz". But as soon as I

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Time for another cifs-utils release! Nothing terribly earth shattering here. Some distros (like Fedora) are moving krb5 credcaches out of /tmp by default. Users of these distros will definitely want to upgrade. Highlights: * Fixes for mounting with '/' in usernames with sec=krb5 * Support for DIR: type krb5 ccaches * support for

On Fri, 2017-02-10 at 11:15 -0600, Chad William Seys wrote: > Hi Jeff, > > > So we have a default credcache for the user for whom we are operating > > as, but we can't get the default principal name from it. My guess is > > that it's not finding the > > This mount is run by root UID=0 and seems to be find that credential > cache without problem (earlier

Hi all, I am testing different setups for Samba home share mounts via the CIFS protocol on Linux clients with and without Keberos security (both krb5 and krb5i). I am experiencing some strange behaviour in case of Kerberos authentication: In case of mounts (by root or the user itself) without Kerberos security (only NTLMv2 authentication), local root and the owning user on the Linux client

On 1/29/24 13:08, Rowland Penny via samba wrote: > On Mon, 29 Jan 2024 12:51:37 -0800 > Peter Carlson via samba<samba at lists.samba.org> wrote: > > >> Just did a quick test, the big T comes after setting permissions in >> windows >> >> root at fs1:/var/log# cd /data >> root at fs1:/data# mkdir -m 1777 test2 > No it doesn't, you are setting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The last release (4.7) was back in October. We've had a number of good fixes committed in the last few weeks, so it's a good time to cut a new release. Also, note that I've transplanted the cifs-utils manpage to the Samba Wiki. The old URL still works and redirects browsers to the new page. o hardcoded paths in the cifs.upcall manpage