On Tue, 28 May 2013 15:42:16 +0200
steve <steve@xxxxxxxxxxxx> wrote:

> On Tue, 2013-05-28 at 09:01 -0400, Jeff Layton wrote:
> >
> > That sounds reasonable. Assuming that you don't actually do anything on
> > the mount as root, then you can give "cifsuser" very limited privileges
> > here too, essentially acting as a "squashed" user like under NFS.
> >
> > Also, there's no need to do this crontab stuff either. If you mount
> > with "-o sec=krb5,username=cifsuser" then cifs.upcall will be able to
> > just use /etc/krb5.keytab without you needing to do anything special.
> >
>
> So cifsuser doesn't need loginShell nor unixHomeDirectory or any of the
> gecos stuff? I just tried with just posixAccount and uidNumber and
> gidNumber. It works under test but am I missing something? We just need
> cifsuser to be able to mount the share. He'll never need to do anything
> else.
> Cheers
>

Again, better question for the samba lists, but I'd assume that the
login shell and homedir don't matter since samba just needs to be able
to "become" that user when accessing files, not do a full login.

Note too that unless you add "-o multiuser" then all accesses to that
mount will be done with the credentials used to do the mount. Really,
with kerberos auth there's little reason to use single-user mounts.

--
Jeff Layton <jlayton@xxxxxxxxx>
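
The point about "-o multiuser" can be checked on a running host. The following is an added example, not part of the original thread: a shell function that reads a mount table in /proc/mounts format and reports Kerberos CIFS mounts without "multiuser", where every access runs as the mounting credentials. The function names, host names and sample lines are constructed, and the option spellings assume the way the cifs module lists options in /proc/mounts.

```shell
#!/bin/sh
# Added example (not from the thread): find sec=krb5 CIFS mounts that were
# mounted without "multiuser", i.e. where all access uses the mount credentials.

audit_cifs_mounts() {
    # stdin: lines in /proc/mounts format
    #        (device mountpoint fstype options dump pass)
    # stdout: one finding per single-user Kerberos CIFS mount
    awk '
    $3 == "cifs" {
        n = split($4, opt, ",")
        krb = 0; multi = 0; user = "(not shown)"
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^sec=krb5/)  krb = 1        # matches krb5 and krb5i
            if (opt[i] == "multiuser") multi = 1
            if (opt[i] ~ /^username=/) user = substr(opt[i], 10)
        }
        if (krb && !multi)
            printf "SINGLE-USER %s on %s (all access as %s)\n", $1, $2, user
    }'
}

# Constructed sample mount table (assumed hosts and paths, for offline runs).
sample_mounts() {
    cat <<'EOF'
//fs1.example.com/share /mnt/share cifs rw,relatime,sec=krb5,username=cifsuser,uid=0,gid=0 0 0
//fs1.example.com/home /mnt/home cifs rw,relatime,sec=krb5,multiuser,uid=0,gid=0 0 0
//nas.example.com/pub /mnt/pub cifs rw,relatime,sec=ntlmssp,username=guest 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed sample; on a real host run:
#   audit_cifs_mounts < /proc/mounts
sample_mounts | audit_cifs_mounts
```

Only the first sample line is reported: it uses Kerberos but no "multiuser", so every local user reaching /mnt/share acts on the server as cifsuser.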