Hello leo, we're using this in /etc/fstab:
//<server/<share /some/directory cifs
multiuser,sec=krb5,vers=3,user,domain=<domain>
We mount these shares with root rights after we have a valid krb
machine ticket (klist -k).
Afterwards users are able to access mounted shares with their krb user
ticket.
You may have to tune /etc/request-key.d/cifs.spnego.conf
create cifs.spnego * * /usr/sbin/cifs.upcall %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
Kind regards
Timm
Am Freitag, dem 07.03.2025 um 15:42 +0000 schrieb Sala Leonardo:
>
> Dear all,
>
>
>
> we do have a CES cluster with GPFS 5.2.2.1 and Active Directory
> authentication, and I would like to have multiuser mounts on linux.
> To my understanding, in order to have this I need to have my share
> allowing anonymous users to get information ("restrict anonymous=0",
> and eventually guest access ("guest ok = True"). Despite this, I do
> always get the following error:
>
>
> Status code returned 0xc000006d STATUS_LOGON_FAILURE
>
>
> when mounting with: mount.smb3 -o multiuser,sec=krb5,cifsacl,guest
>
>
> Has anyone succeeded in doing it? It seems that on Netapp it works,
> but one needs to create a share open to anyone, and then have your
> normal sub-shares in it. Any experience with CES? It seems to me that
> winbind always tries to get information from AD concerning the user
> mounting in multiuser mode, which in this case is root, thus it
> fails...
>
>
> Thanks!
>
>
> cheers
>
>
> leo
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at gpfsug.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
