11-20-2009, 02:42 AM   #1
munta
LQ Newbie
 
Registered: Nov 2009
Posts: 3

Rep: Reputation: 0
Using cifs to mount domain-windows shares with kerberos. (krb5)


Ubuntu 9.10 workstation, windows 2003 domain.

Initially I followed all sorts of examples like this...
https://help.ubuntu.com/community/Ac...ryWinbindHowto

Got samba, kerberos and winbind working so I could log in as a domain user. (win 2003 Domain)

Then using cifs...
mount.cifs //server/windows-share /test -o sec=krb5 --verbose
came up with the "mount error 2 = No such file or directory" issue.
The only scrap of info that looked interesting was reference to keyutils.
As a trial I installed the keyutils package using apt-get install and restarted the machine. (Windows habit.)
Being logged in as root I got a ticket for domain user by running kinit [domain-user x]
Then... mount.cifs //server/windows-share /test -o sec=krb5 --verbose

It worked.
Ran umount.cifs /test to disconnect the share.

Logged out of root.

Then I logged in as [domain-user x], for me this was using [domain\username]
Then... mount.cifs //server/windows-share /test -o sec=krb5 --verbose

DID NOT WORK. Even though as root I had obtained a ticket for user x.
Sorry I cannot remember the error but I have it logged at work.

Anyway it transpires or seems that the user running the mount.cifs command must be the same user that obtains the kerberos ticket. Why? I am not sure right now but it is good to know.

I opened a terminal and entered kinit [domain-user x] to obtain a ticket from the KDC for the logged in user [domain-user x].
Then... mount.cifs //server/windows-share /test -o sec=krb5 --verbose

Worked. Yee ha.

So after configuring a machine for kerberos, samba, winbind etc, joining active directory and logging in as the domain user...
keyutils was the final key to the puzzle - so to speak.
I only installed it after everything else was configured and only did so because cifs did not like [sec=krb5]
I did not configure any files after installing keyutils.

I hope this helps some people navigate part of the minefield trying to make Ubuntu 9.10 workstation play nice in a windows domain.

I would be happy to elaborate further on my setup that worked if anyone is interested.

Oh and to all those people out there who seem to take pride in boasting how they "apparently" managed to get something working, without actually offering up anything useful for others, SHAME ON YOU.

Munta
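
The two findings in the post above (keyutils must be installed, and the ticket must belong to the user who runs the mount) can be checked before mounting. This is an added example, not part of munta's post; the function names and the REQUEST_KEY / KLIST override variables are hypothetical, and it assumes a klist that supports -s (silent validity test).

```shell
#!/bin/sh
# Added example: preflight for `mount.cifs -o sec=krb5`.
# Function and variable names are hypothetical, not from the post.

# Overridable so the checks can be exercised without a real Kerberos setup.
: "${REQUEST_KEY:=request-key}"   # key helper shipped by the keyutils package
: "${KLIST:=klist}"               # Kerberos client tool

# Returns 0 when ready, 1 when the keyutils helper is missing,
# 2 when the calling user has no valid ticket of their own.
krb5_cifs_preflight() {
    # The kernel invokes /sbin/request-key, so check there as well as PATH.
    if ! command -v "$REQUEST_KEY" >/dev/null 2>&1 &&
       [ ! -x "/sbin/$REQUEST_KEY" ]; then
        echo "request-key not found: install the keyutils package" >&2
        return 1
    fi
    # `klist -s` prints nothing and exits non-zero when this user's
    # credential cache cannot be read or the ticket has expired.
    if ! "$KLIST" -s >/dev/null 2>&1; then
        echo "no valid ticket for $(id -un): run kinit as this user" >&2
        return 2
    fi
    return 0
}

# Mount only when the preflight passes, using the same options as the post.
krb5_cifs_mount() {
    share=$1
    mountpoint=$2
    krb5_cifs_preflight || return $?
    mount.cifs "$share" "$mountpoint" -o sec=krb5 --verbose
}
```

Run it as the account that will perform the mount, since the ticket check reads that account's own credential cache.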
 
01-29-2010, 06:14 AM   #2
kmaynard
LQ Newbie
 
Registered: Jan 2010
Location: New Zealand
Distribution: Ubuntu
Posts: 1

Rep: Reputation: 0
Same HOME folder for Windows Ubuntu Mac?

Munta: I have a related problem. I posted it on the Ubuntu forum (apparently I can't post the URL, so I have substantially copied it here) but have not yet been favoured with a reply. I 'just' want a Ubuntu user to login and see the same Home files that a Mac User and a Windows user do. Here's the scenario. I should be really grateful if you can suggest a way forward. I can't believe this problem hasn't been addressed before.

Our school originally had a Windows NT4 Server, and about 30 NT4 Workstations using MS software. I am trying to liberalise things a bit. We now have 100 Workstations running XP and OS X in a Windows 2003 domain. Thunderbird, Firefox and OpenOffice form the common thread. Users on either system have a common home directory on the server. I should like to add Ubuntu workstations to the mix. The goal is to allow any user to log on to any workstation regardless of OS, and have access to the user's own files. The users are teachers (not necessarily computer enthusiasts) and 12-13 year old children, who expect things to work 'out of the box' (and why shouldn't they?)

I have added Unix support in the W2K3 servers, installed LDAP, Samba and Winbind to Ubuntu, and managed to get Ubuntu to join the domain, and for users to authenticate via LDAP to the domain. The failure point is a common Home folder.

I need advice on how to assign a user's Ubuntu home directory to be on the server. If I do a 'getent' I can see that the location specified in AD makes its way to Ubuntu, but I don't know how to get this mounted. So far, my best effort has been to mount the users' share //SERVER/Users with an entry in fstab, specifying /media/users as the mount point. This, I understand, should mount when Ubuntu boots. In AD, I specify /media/users/username as the Unix home dir. When my new user logs in, it creates the home dir on the windows share, and .bash_logout, .bashrc, .profile, examples.desktop, then crashes saying 'could not update ICEauthority file' (encouragingly, it IS trying to create it in the expected place). Also, Nautilus raises a similar objection. I have set windows file protections to Everyone, full access, to see if that is the problem, but to no avail. I have made the Ubuntu wkstn a member of UnixUsers which has full access, in a further attempt to grant access.
 
  

