[gpfsug-discuss] CES SMB and multi user mounts

[Timm Stamer]

Hello leo,

we're using this in /etc/fstab:

//<server/<share /some/directory cifs
multiuser,sec=krb5,vers=3,user,domain=<domain>

We mount these shares with root rights after we have a valid krb
machine ticket (klist -k).

Afterwards users are able to access mounted shares with their krb user
ticket.


You may have to tune /etc/request-key.d/cifs.spnego.conf

create  cifs.spnego    * * /usr/sbin/cifs.upcall %k
create      dns_resolver   * * /usr/sbin/cifs.upcall %k



Kind regards
Timm


Am Freitag, dem 07.03.2025 um 15:42 +0000 schrieb Sala Leonardo:
> 
> Dear all,
> 
> 
> 
> we do have a CES cluster with GPFS 5.2.2.1 and Active Directory
> authentication, and I would like to have multiuser mounts on linux.
> To my understanding, in order to have this I need to have my share
> allowing anonymous users to get information ("restrict anonymous=0",
> and eventually guest access ("guest ok = True"). Despite this, I do
> always get the following error:
> 
> 
> Status code returned 0xc000006d STATUS_LOGON_FAILURE
> 
> 
> when mounting with:  mount.smb3 -o multiuser,sec=krb5,cifsacl,guest
> 
> 
> Has anyone succeeded in doing it? It seems that on Netapp it works,
> but one needs to create a share open to anyone, and then have your
> normal sub-shares in it. Any experience with CES? It seems to me that
> winbind always tries to get information from AD concerning the user
> mounting in multiuser mode, which in this case is root, thus it
> fails...
> 
> 
> Thanks!
> 
> 
> cheers
> 
> 
> leo
> 
> 
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at gpfsug.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6274 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20250310/0d3d3269/attachment.bin>