From owner-freebsd-hackers@FreeBSD.ORG Tue Jun 3 13:43:25 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B62D6106567B for ; Tue, 3 Jun 2008 13:43:25 +0000 (UTC) (envelope-from det135@hoenikker.aset.psu.edu) Received: from f04n07.cac.psu.edu (f04s07.cac.psu.edu [128.118.141.35]) by mx1.freebsd.org (Postfix) with ESMTP id 3D1908FC1F for ; Tue, 3 Jun 2008 13:43:24 +0000 (UTC) (envelope-from det135@hoenikker.aset.psu.edu) Received: from hoenikker.aset.psu.edu (hoenikker.aset.psu.edu [128.118.99.49]) by f04n07.cac.psu.edu (8.13.2/8.13.2) with ESMTP id m53DhNVc096186 for ; Tue, 3 Jun 2008 09:43:23 -0400 Received: from hoenikker.aset.psu.edu (hoenikker.aset.psu.edu [128.118.99.49]) by hoenikker.aset.psu.edu (8.14.2/8.14.2) with ESMTP id m53Dh7kT056766 for ; Tue, 3 Jun 2008 09:43:07 -0400 (EDT) (envelope-from det135@hoenikker.aset.psu.edu) Received: (from det135@localhost) by hoenikker.aset.psu.edu (8.14.2/8.14.2/Submit) id m53Dh7Zv056765 for freebsd-hackers@freebsd.org; Tue, 3 Jun 2008 09:43:07 -0400 (EDT) (envelope-from det135) Date: Tue, 3 Jun 2008 09:43:07 -0400 From: Derek Taylor To: freebsd-hackers@freebsd.org Message-ID: <20080603134307.GK76952@psu.edu> Mail-Followup-To: Derek Taylor , freebsd-hackers@freebsd.org References: <20080521182722.GC40818@psu.edu> <483554FC.9040908@dlr.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <483554FC.9040908@dlr.de> User-Agent: Mutt/1.5.18 (2008-05-17) X-Virus-Scanned: by amavisd-new Subject: Re: Kerberized CIFS client? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Derek Taylor List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 13:43:25 -0000 On Thu, 22 May 2008, Hartmut Brandt wrote: >Derek Taylor wrote: >> This question was previously posed of the freebsd-questions list, but >> with no response for a week, I'd like to try my luck here. If there's >> any more information I should include, please speak up: I would be glad >> to oblige. >> >> I would like to use smb/cifs with kerberos auth, but mount_smbfs doesn't >> seem to support this. >> >> Is anyone aware of an alternate means of performing a mount via smb/cifs >> or any patches to provide such functionality? >> >> I already have smbclient working with -k, but I am also interested in a >> mount. > >Try smbnetfs from ports. It's fuse based and seems to work very nice. If >you have a large amount of shares floating in your network you want to >restrict it to mount only the needed shares via the config file. >Otherwise it will mount what it can find... > >It plays nicely with kerberors. When your ticket expires you immediately >loose access; when you renew it you gain access again. All without the >need to unmount/mount. Just call smbnetfs once you have your ticket. You >may even do this from your .profile. > >harti Sorry for not replying sooner. Initial tests here are promising (I can see some mount paths being exported from the server), but it's not fully working (I don't see all of the mount paths that *should* be exported and I get permission denied errors). My thoughts are leaning towards an issue in negotiating auth with the server -- perhaps my krb creds aren't being used? Before trying to work out any issues over the list, there's a lot of things we need to check internally. The thing is that we're so crunched for time, I'm not sure when we'll have the chance to do this. Thanks for the heads up -- this is certainly closer than I was before. If we have the chance to work more on this, I'll follow up on this thread. Until then ... -Derek.