Thanks Jeff! On 2/18/14, 7:03 PM, "Jeff Layton" <jlayton@xxxxxxxxxx> wrote: >On Tue, 18 Feb 2014 21:31:30 +0000 >Dave Swanger <swangdb@xxxxxxxxxx> wrote: > >> Jeff, >> >> My name is David Swanger, I am computer analyst at Auburn University. >>I have a server issue and your Red Hat Summit web site leads me to think >>maybe you can help me. >> > >Typically, these sorts of questions get sent to the linux-cifs mailing >list. I've cc'ed it here... > >> >>http://www.redhat.com/promo/summit/2010/presentations/summit/in-the-weeds >>/wed/jlayton-310-interoperability/jlayton_summit_2010-Final.pdf >> >> I have a RHEL 6 server. Users authenticate with an AD server and that >>works fine. I used Powerbroker to help connect to the AD server. >> > >Never heard of powerbroker, sorry... > >> I want users to be able to cifs mount their home directories from a >>Samba server using pam_mount and kerberos. I have a pam_mount.conf.xml >>with mount information/flags. >> >> Here is what happens. People log in and their home directories do not >>mount. In the system log, they are trying and failing to get a system >>ticket. >> >> >> Feb 18 15:15:38 mallard2 cifs.upcall: handle_krb5_mech: getting service >>ticket for ausamba.auburn.edu >> >> Feb 18 15:15:38 mallard2 cifs.upcall: cifs_krb5_get_req: unable to >>resolve (null) to ccache >> >> Feb 18 15:15:38 mallard2 cifs.upcall: handle_krb5_mech: failed to >>obtain service ticket (-1765328245) >> >> However, if they enter a kinit command, enter their password, log out >>then log back in, then their home dirs are mounted. Basically I guess >>I¹d like the user to auto enter a kinit command when they first log in. >>Do you know how to make this work? >> > >Typically, you use something like pam_krb5 to get krb5 creds at login >time, or nowadays something like sssd. > >> If you can help, I would appreciate it. If not, I understand. >> > >Good luck! > >-- >Jeff Layton <jlayton@xxxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
