Samba authentication using LDAP credentials

Hi All,

I am currently trying to get a Samba server set up on Rocky. I have it currently set up to get credentials via a FreeIPA server hosted on another Rocky server via LDAP.

At the moment I can access the share via the “other locations” menu in the file manager on an Ubuntu laptop.

Authentication works and I can access the share (after entering username, domain and password). However, I believe this is using Kerberos for authentication silently on the backend. This isn’t ideal as it will require re-mounting every 10 or so hours.

Does anyone have any alternative options to Kerberos in instances where the share needs to be mounted for extended periods of time? Or is Kerberos the only option, and I have to find a way to re-authenticate automatically (also not ideal)?

Any help would be greatly appreciated. Thanks :grinning_face:

How are you running Samba?

A start would be the output of ‘testparm -s’

See also:

https://forums.rockylinux.org/t/rocky-9-7-mount-server-volume-smb/20295/6

Hi again,

Command used for mounting:

sudo mount -t cifs //samba-srv<.domain.com>/folder /mnt/folder -o username=username,password=password,domain=password

(as recommended by the forum)

This results in error 13, permission denied.

For clarification, testparm -s does not result in any errors and, as mentioned before, I can connect fine via GNOME on an Ubuntu system.

For additional information:

smbclient //samba-srv<.domain.com>/folder -U username@<.domain.com>

This prompts me for a password but then works fine; I can see everything that I should be able to see when mounting, but mount.cifs doesn’t work.

When using -d 5 on smbclient, the line:

gensec_gse_client_prepare_ccache: Doing kinit for username@<.domain.com> to access cifs/samba-srv.domain.com into MEMORY:xxxxxx

^ This is the message that leads me to believe that Kerberos is secretly being used.

I believe I may have worked it out.

The only alternative to Kerberos is NTLMv2. This is quite a bit less secure than Kerberos but is better for compatibility with Windows etc.

The issue I was having was that when it was trying to mount the Samba share it was trying to use NTLMv2 to get access; however, I have just realised that the Samba server did not have the permission to get the nthash from my FreeIPA server.

After adding the permissions it can now mount just fine without issue on my Rocky server and Windows PC.

This isn’t super ideal, but it works for my situation.

Where it says ‘domain’ it is referring to the NetBIOS domain, so you should not be entering the password, unless that is a typo or your NetBIOS domain is actually ‘PASSWORD’.

Yes, this is correct.

That command was just used for testing as it was mentioned in the topic linked previously.

The command that works now for me is:

sudo mount -t cifs //samba-srv<.domain.com>/share /mnt/folder -o username=username,password=password,domain=domain,vers=3.0
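
The mount commands in this thread pass password= on the command line, where it is visible in the process list and shell history. As an added example (not part of the thread), this sketch uses mount.cifs's credentials= option instead; the file path, the account values and the explicit sec=ntlmssp are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Keeps the SMB password out of argv by
# using mount.cifs's credentials= file. All values are constructed placeholders.

# write_cifs_creds FILE USER DOMAIN  (password is read from stdin)
write_cifs_creds() {
    file=$1 user=$2 domain=$3
    IFS= read -r pass || true          # stdin, so it never lands in history
    [ -n "$pass" ] || { echo "empty password" >&2; return 1; }
    old_umask=$(umask)
    umask 077                          # create the file as 0600 from the start
    rm -f -- "$file"                   # do not inherit an older, looser mode
    printf 'username=%s\npassword=%s\ndomain=%s\n' \
        "$user" "$pass" "$domain" > "$file"
    rc=$?
    umask "$old_umask"
    return "$rc"
}

# cifs_mount_opts FILE -> option string for "mount -t cifs -o ..."
cifs_mount_opts() {
    # Refuse a credentials file that group or others can access.
    perms=$(ls -ld -- "$1" | cut -c1-10) || return 1
    case $perms in
        -r[w-]-------) ;;
        *) echo "unsafe permissions $perms on $1" >&2; return 1 ;;
    esac
    # vers=3.0 is from the thread; sec=ntlmssp (assumption) makes the
    # NTLMv2 choice explicit rather than relying on the default.
    printf 'credentials=%s,vers=3.0,sec=ntlmssp' "$1"
}

# Demo: prints the mount command instead of running it (mounting needs root).
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' |
    write_cifs_creds "$demo_dir/cifs-creds" username DOMAIN
echo "sudo mount -t cifs '//samba-srv<.domain.com>/share' /mnt/folder" \
     "-o $(cifs_mount_opts "$demo_dir/cifs-creds")"
rm -rf "$demo_dir"
```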