[Freeipa-users] Mount cifs share using kerberos
John Obaterspok
john.obaterspok at gmail.com
Fri Jan 9 16:38:31 UTC 2015
>
>
> 2015-01-09 10:11 GMT+01:00 Alexander Bokovoy <abokovoy at redhat.com>:
>>
>> On Fedora 21 we have /etc/request-key.d/cifs.upcall.conf and
>> /etc/request-key.d/cifs.idmap.conf to allow kernel to properly fetch
>> Kerberos keys and map IDs of CIFS identities. These configurations are
>> part of cifs-utils package which also supplies mount.cifs.
>>
>>
>
I have no /etc/request-key.d/cifs.upcall.conf on my F21. Is it suppose to
be there?
This is what I have:
[root at ipaserver etc]# cat request-key.conf
###############################################################################
# .... snip ....
################################################################################
#OP TYPE DESCRIPTION CALLOUT INFO PROGRAM ARG1 ARG2 ARG3 ...
#====== ======= =============== ===============
===============================
create dns_resolver * * /sbin/key.dns_resolver %k
create user debug:* negate /bin/keyctl negate %k 30 %S
create user debug:* rejected /bin/keyctl reject %k 30 %c
%S
create user debug:* expired /bin/keyctl reject %k 30 %c
%S
create user debug:* revoked /bin/keyctl reject %k 30 %c
%S
create user debug:loop:* * |/bin/cat
create user debug:* *
/usr/share/keyutils/request-key-debug.sh %k %d %c %S
negate * * * /bin/keyctl negate %k 30 %S
[root at ipaserver etc]# ls request-key.d/
cifs.idmap.conf cifs.spnego.conf id_resolver.conf
[root at ipaserver etc]# cat request-key.d/cifs.idmap.conf
create cifs.idmap * * /usr/sbin/cifs.idmap %k
[root at ipaserver etc]# cat request-key.d/cifs.spnego.conf
create cifs.spnego * * /usr/sbin/cifs.upcall %k
-- john
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150109/da161b09/attachment.htm>
More information about the Freeipa-users
mailing list