LinuxQuestions.org

munta 11-20-2009 03:42 AM

Using cifs to mount domain-windows shares with kerberos. (krb5)
 
Ubuntu 9.10 workstation, windows 2003 domain.

Initially I followed all sorts of examples like this...
https://help.ubuntu.com/community/Ac...ryWinbindHowto

Got samba, kerberos and winbind working so I could log in as a domain user. (win 2003 Domain)

Then using cifs...
mount.cifs //server/windows-share /test -o sec=krb5 --verbose
came up with the "mount error 2 = No such file or directory" issue.
The only scrap of info that looked interesting was reference to keyutils.
As a trial I installed the keyutils package using apt-get install and restarted the machine. (Windows habit.)
Being logged in as root I got a ticket for domain user by running kinit [domain-user x]
Then... mount.cifs //server/windows-share /test -o sec=krb5 --verbose

It worked.
Ran umount.cifs /test to disconnect the share.

Logged out of root.

Then I logged in as [domain-user x], for me this was using [domain\username]
Then... mount.cifs //server/windows-share /test -o sec=krb5 --verbose

DID NOT WORK. Even though as root I had obtained a ticket for user x.
Sorry I cannot remember the error but I have it logged at work.

Anyway it transpires or seems that the user running the mount.cifs command must be the same user that obtains the kerberos ticket. Why? I am not sure right now but it is good to know.

I opened a terminal and entered kinit [domain-user x] to obtain a ticket from the KDC for the logged in user [domain-user x].
Then... mount.cifs //server/windows-share /test -o sec=krb5 --verbose

Worked. Yee ha.

So after configuring a machine for kerberos, samba, winbind etc, joining active directory and logging in as the domain user...
keyutils was the final key to the puzzle - so to speak.
I only installed it after everything else was configured and only did so because cifs did not like [sec=krb5]
I did not configure any files after installing keyutils.

I hope this helps some people navigate part of the minefield trying to make Ubuntu 9.10 workstation play nice in a windows domain.

I would be happy to elaborate further on my setup that worked if anyone is interested.

Oh and to all those people out there who seem to take pride in boasting how they "apparently" managed to get something working, without actually offering up anything useful for others, SHAME ON YOU.

Munta
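
Added example, not part of munta's post: a preflight check for the two conditions the post found to matter before running mount.cifs with sec=krb5, namely that keyutils' request-key helper is installed and that the user doing the mount holds a valid Kerberos ticket in their own credential cache. The function names and the PREFLIGHT_DIRS and KLIST variables are hypothetical; the share and mount point in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# PREFLIGHT_DIRS / KLIST variables are hypothetical.

# Directories searched for request-key, the helper shipped by keyutils.
PREFLIGHT_DIRS="${PREFLIGHT_DIRS:-/sbin /usr/sbin /bin /usr/bin}"
KLIST="${KLIST:-klist}"

# Return 0 if request-key is installed and executable.
have_request_key() {
    for dir in $PREFLIGHT_DIRS; do
        [ -x "$dir/request-key" ] && return 0
    done
    return 1
}

# Read klist output on stdin and print the principal that owns the cache.
# Handles the MIT ("Default principal:") and Heimdal ("Principal:") layouts.
ticket_principal() {
    sed -n -e 's/^Default principal: *//p' -e 's/^ *Principal: *//p' | head -n 1
}

# 0 = ready to mount, 1 = keyutils missing, 2 = calling user has no ticket.
krb5_mount_preflight() {
    if ! have_request_key; then
        echo "request-key not found: install the keyutils package" >&2
        return 1
    fi
    # klist -s prints nothing and exits non-zero when the credential cache
    # of the *current* user is missing or expired. A ticket obtained by
    # root for the same principal lives in root's cache and does not count.
    if ! "$KLIST" -s 2>/dev/null; then
        echo "no valid ticket for $(id -un): run kinit as this user" >&2
        return 2
    fi
    echo "ticket held by $("$KLIST" 2>/dev/null | ticket_principal)"
    return 0
}

# Usage, run as the user who will perform the mount:
#   krb5_mount_preflight && mount.cifs //server/windows-share /test -o sec=krb5
```
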

kmaynard 01-29-2010 07:14 AM

Same HOME folder for Windows Ubuntu Mac?
 
Munta: I have a related problem. I posted it on the Ubuntu forum (apparently I can't post the URL, so I have substantially copied it here) but have not yet been favoured with a reply. I 'just' want an Ubuntu user to log in and see the same Home files that a Mac User and a Windows user do. Here's the scenario. I should be really grateful if you can suggest a way forward. I can't believe this problem hasn't been addressed before.

Our school originally had a Windows NT4 Server, and about 30 NT4 Workstations using MS software. I am trying to liberalise things a bit. We now have 100 Workstations running XP and OS X in a Windows 2003 domain. Thunderbird, Firefox and OpenOffice form the common thread. Users on either system have a common home directory on the server. I should like to add Ubuntu workstations to the mix. The goal is to allow any user to log on to any workstation regardless of OS, and have access to the user's own files. The users are teachers (not necessarily computer enthusiasts) and 12-13 year old children, who expect things to work 'out of the box' (and why shouldn't they?)

I have added Unix support in the W2K3 servers, installed LDAP, Samba and Winbind to Ubuntu, and managed to get Ubuntu to join the domain, and for users to authenticate via LDAP to the domain. The failure point is a common Home folder.

I need advice on how to assign a user's Ubuntu home directory to be on the server. If I do a 'getent' I can see that the location specified in AD makes its way to Ubuntu, but I don't know how to get this mounted. So far, my best effort has been to mount the users' share //SERVER/Users with an entry in fstab, specifying /media/users as the mount point. This, I understand, should mount when Ubuntu boots. In AD, I specify /media/users/username as the Unix home dir. When my new user logs in, it creates the home dir on the windows share, and .bash_logout, .bashrc, .profile, examples.desktop, then crashes saying 'could not update ICEauthority file' (encouragingly, it IS trying to create it in the expected place). Also, Nautilus raises a similar objection. I have set windows file protections to Everyone, full access, to see if that is the problem, but to no avail. I have made the Ubuntu wkstn a member of UnixUsers which has full access, in a further attempt to grant access.

