similar to: autofs + cifs + kerberos

Hi, I am still trying to figure out the best settings for Samba and Kerberos with autofs. My setup so far works good, users can log in on their computers using AD credentials, and they can access network shares with AD credentials as well. This works perfect. Also I notice that some Kerberos ticket is created upon user login, which allows the users to access a Samba share without entering the

Hi guys, This seems to be a well-known problem with mount.cifs on Ubuntu 12.04. Unfortunately, although I have applied the suggestions I found with google, I can't seem to be able to get mount.cifs to work with kerberos. I am trying to use kerberos to mount my Windows shares because this is the only allowed secure way in my company to connect to shares. Before anyone asks, I can successfully

So finally here is the solution that works for me. If you have any questions, just ask. I use pam_mount with the following volume definition in the "/etc/security/pam_mount.conf.xml": <volume fstype="cifs" server="server" path="home/%(USER)" mountpoint="/home/%(USER)" sgrp="domain users"

Hi all, this is not really a Samba question, but related, and I hope that some of you are using this and can tell me what I am doing wrong. On a member server, I can mount my shares by hand specifying "-o username=xxx,domain=yyy,password=zzz". But as soon as I put "sec=krb5" in the mount options (and leaving out the password part), I get this error: # mount error(126):

On Mon, 29 Jan 2024 16:42:20 -0800 Peter Carlson via samba <samba at lists.samba.org> wrote: > > On 1/29/24 13:08, Rowland Penny via samba wrote: > > On Mon, 29 Jan 2024 12:51:37 -0800 > > Peter Carlson via samba<samba at lists.samba.org> wrote: > > > > > >> Just did a quick test, the big T comes after setting permissions in > >>

> > If by "key" you meant keytab then you were right. A keytab is a file > dedicated to contains credentials (https://kb.iu.edu/d/aumh or > http://web.mit.edu/Kerberos/krb5-1.12/doc/basic/keytab_def.html). > > Keytab are used when you want to automate actions which need > authentication. When some automated action requires credentials you > have to provide

Am 04.11.2015 um 14:49 schrieb mathias dufresne: > 2015-11-04 13:58 GMT+01:00 Ole Traupe <ole.traupe at tu-berlin.de>: > >> Mathias, thanks again! This sounds like a very reasonable approach. I know >> that with remote ssh and public key authentication you can set the limit to >> a single possible command. is this also possible with AD users? >> > I'm

Mathias, thanks again! This sounds like a very reasonable approach. I know that with remote ssh and public key authentication you can set the limit to a single possible command. is this also possible with AD users? Unfortunately, I don't have 'multiuser' support in my current cifs-utils version 4.8. So I would end up with your designated user being the owner of all the files and

Am 22.01.2015 um 12:28 schrieb Rowland Penny: > On 22/01/15 10:53, Norbert Heinzelmann wrote: >> Hello, >> >> I have the problem that the ACLs are ignored when I mount a share via >> cifs. I have an AD with Samba 4.1.6 Ubuntu 14.04 (but I also tried it >> with Gentoo and samba 4.1.14). So I joined a member server like the >> wiki describes. Everything

Am 22.01.2015 um 17:17 schrieb Rowland Penny: > On 22/01/15 12:57, Norbert Heinzelmann wrote: >> Am 22.01.2015 um 12:28 schrieb Rowland Penny: >>> On 22/01/15 10:53, Norbert Heinzelmann wrote: >>>> Hello, >>>> >>>> I have the problem that the ACLs are ignored when I mount a share >>>> via cifs. I have an AD with Samba 4.1.6 Ubuntu

Hallo again, I would like to ask if there exists any possibility to have a Samba mount point with multiuser and with a credentials file or something similar. After a couple weeks testing I just find that my shares get disconnected after one week, which is not acceptable: I have stored some large project files on the Samba share which is opened in some calculation software, and simulations take up

Am 23.01.2015 um 10:19 schrieb Rowland Penny: > On 23/01/15 07:34, Norbert Heinzelmann wrote: >> >> Am 22.01.2015 um 17:17 schrieb Rowland Penny: >>> On 22/01/15 12:57, Norbert Heinzelmann wrote: >>>> Am 22.01.2015 um 12:28 schrieb Rowland Penny: >>>>> On 22/01/15 10:53, Norbert Heinzelmann wrote: >>>>>> Hello,

On 1/29/24 13:08, Rowland Penny via samba wrote: > On Mon, 29 Jan 2024 12:51:37 -0800 > Peter Carlson via samba<samba at lists.samba.org> wrote: > > >> Just did a quick test, the big T comes after setting permissions in >> windows >> >> root at fs1:/var/log# cd /data >> root at fs1:/data# mkdir -m 1777 test2 > No it doesn't, you are setting

On Mon, 12 Feb 2024 09:38:01 +0100 "Pluess, Tobias via samba" <samba at lists.samba.org> wrote: > Good day > > please excuse my delayed response. > Thanks for the hint with the machine account. I will try this. > I realised I can also manually refresh Kerberos tickets. > > I have the following: > > $ klist > Valid starting Expires

Hi I think I've managed to get the automount classes into the the schema: ldbsearch --url=/usr/local/samba/private/sam.ldb.d/"CN=SCHEMA,CN=CONFIGURATION,DC=HH3,DC=SITE.ldb" | grep "dn: CN=automount" dn: CN=automountKey,CN=Schema,CN=Configuration,DC=hh3,DC=site dn: CN=automount,CN=Schema,CN=Configuration,DC=hh3,DC=site dn:

Op 07-02-2024 om 12:27 schreef Rowland Penny via samba: > On Wed, 7 Feb 2024 11:57:28 +0100 > Kees van Vloten via samba <samba at lists.samba.org> wrote: > >> Op 07-02-2024 om 11:34 schreef Rowland Penny via samba: >>> On Wed, 7 Feb 2024 10:34:15 +0100 >>> Kees van Vloten via samba <samba at lists.samba.org> wrote: >>> >>>> Op

Good day please excuse my delayed response. Thanks for the hint with the machine account. I will try this. I realised I can also manually refresh Kerberos tickets. I have the following: $ klist Valid starting Expires Service principal 02/12/2024 08:39:44 02/12/2024 18:39:44 krbtgt/CAMPUS renew until 02/13/2024 08:39:40 so this ticket is valid until 12. February 18:39.

>> I mean, putting the key in the keytab looks like a security risk to me. > In what way does it appear any more of a risk than having the keys > which you have there already? Even if someone steals the keytab, > they're gonna be hard pressed to crack the key in the few hours before > the tgt expires. Do you have very sensitive data maybe? Ok. And maybe I misunderstood

Am 02.11.2015 um 13:12 schrieb buhorojo: > On 02/11/15 12:54, Ole Traupe wrote: >> Hi all, this is not really a Samba question, but related, and I hope >> that some of you are using this and can tell me what I am doing wrong. >> >> On a member server, I can mount my shares by hand specifying "-o >> username=xxx,domain=yyy,password=zzz". But as soon as I

I need a second pair of eyes here, please. I have a CentOS 6.6 server (let's call it 'S1") that has a Samba share on it that is currently working. We can mount that drive on our Windows work stations and transfer/delete from it just fine. It's setup as a "guest" config so no user specific passwords or any other restrictions like that. I'm trying to setup another