Windows smb share mount via logged kerberized user

ttheroux · December 6, 2022, 9:22pm

Hello,

I’ve been struggling for a week now between multuple documentation to figure this out, here’s what I’m trying to accomplish :

Mount share at either boot via service account or at domain user login, yes, SSSD is configured and working.

From there it should apply users rights on the smb share from it’s krb5 username and password.

This does not seem to work completely, I am able to map the network drive at boot via the service account but once in the user, rights does not apply since it uses the service account mapping.

Here’s the last doc I’ve landed on and tried : SMB: How to mount a Kerberized share - Red Hat Customer Portal

Thank you for your help in advance,

gerry666uk · December 6, 2022, 10:30pm

Forgetting the “boot via service account” for a minute, if you just want to mount as logged on user with perms, isn’t this the same thing as mounting a user’s home directory?

(Many people won’t be able to read the RHEL article as it’s behind a login).

ttheroux · December 6, 2022, 10:52pm

Hi @gerry666uk,

So in theory yes, the user would log and the mapped network share would apply permission to the drive using SSSD logged user info.

I am trying to simplify my life and not manually map all the network share per workstation or use a general user to map for all users.

ttheroux · December 7, 2022, 9:00pm

FYI, I’ve revised all the KRB5,SSSD,PAM and NSS config to make sure nothing was not doing it’s job properly.

This said, here’s where I can’t seem to figure it out :

in /etc/fstab : //test/test /E cifs multiuser,cifsacl,_netdev,sec=krb5,noserverino,user,uid=$USER,cruid=$USER,gid=domain^users,rw,username=XYZ@XYZ.co 0 0

This should mount via the XYZ user but then set permission from logged krb5 user.

Any pointer ?

gerry666uk · December 7, 2022, 9:56pm

I don’t know, but I think /etc/fstab is more for when you want something mounted at boot time, but if it’s for home directories, surely they would be mounted at user logon time?

ttheroux · December 7, 2022, 10:05pm

Hi Gerry,

This is to mount Windows SMB Share, network drive for user to put and take documents not home directories.

I am simply trying to replicate something like a GPO for Windows, to map network drives when user login depending on permission.

Any clue ?

gerry666uk · December 8, 2022, 7:40pm

In your original post it said:

so the second option sounded like a home directory

I think the question needs to be a bit clearer.

Topic		Replies	Views
Mapping AD Authenticated Windows Shares on Login Rocky Linux General	3	196	August 24, 2023
AD joined Rocky 8 & 9 cannot mount smb shares via Kerberos Rocky Linux General rocky-linux-8 , rocky-linux-9	5	70	April 12, 2024
Rocky 9 AD Join & AD Authentication on Win Svr SMB Shares Rocky Linux General	4	1389	August 21, 2023
Authenticate samba share to active directory Rocky Linux General	2	531	August 25, 2023
Automount nas cifs share Rocky Linux General	13	839	March 2, 2024

Windows smb share mount via logged kerberized user

Related Topics