From owner-freebsd-hackers@FreeBSD.ORG Tue Jun 3 15:37:36 2008 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2489C1065670 for ; Tue, 3 Jun 2008 15:37:36 +0000 (UTC) (envelope-from Hartmut.Brandt@dlr.de) Received: from smtp-1.dlr.de (smtp-1.dlr.de [195.37.61.185]) by mx1.freebsd.org (Postfix) with ESMTP id B13648FC12 for ; Tue, 3 Jun 2008 15:37:35 +0000 (UTC) (envelope-from Hartmut.Brandt@dlr.de) Received: from beagle.kn.op.dlr.de ([129.247.178.136]) by smtp-1.dlr.de over TLS secured channel with Microsoft SMTPSVC(6.0.3790.1830); Tue, 3 Jun 2008 17:37:33 +0200 Date: Tue, 3 Jun 2008 17:37:32 +0200 (CEST) From: Harti Brandt X-X-Sender: brandt_h@beagle.kn.op.dlr.de To: Derek Taylor In-Reply-To: <20080603134307.GK76952@psu.edu> Message-ID: <20080603173601.W41705@beagle.kn.op.dlr.de> References: <20080521182722.GC40818@psu.edu> <483554FC.9040908@dlr.de> <20080603134307.GK76952@psu.edu> X-OpenPGP-Key: harti@freebsd.org MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-OriginalArrivalTime: 03 Jun 2008 15:37:33.0326 (UTC) FILETIME=[BDAC9AE0:01C8C58F] Cc: freebsd-hackers@freebsd.org Subject: Re: Kerberized CIFS client? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Harti Brandt List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2008 15:37:36 -0000 On Tue, 3 Jun 2008, Derek Taylor wrote: DT>On Thu, 22 May 2008, Hartmut Brandt wrote: DT>>Derek Taylor wrote: DT>>> This question was previously posed of the freebsd-questions list, but DT>>> with no response for a week, I'd like to try my luck here. If there's DT>>> any more information I should include, please speak up: I would be glad DT>>> to oblige. DT>>> DT>>> I would like to use smb/cifs with kerberos auth, but mount_smbfs doesn't DT>>> seem to support this. DT>>> DT>>> Is anyone aware of an alternate means of performing a mount via smb/cifs DT>>> or any patches to provide such functionality? DT>>> DT>>> I already have smbclient working with -k, but I am also interested in a DT>>> mount. DT>> DT>>Try smbnetfs from ports. It's fuse based and seems to work very nice. If DT>>you have a large amount of shares floating in your network you want to DT>>restrict it to mount only the needed shares via the config file. DT>>Otherwise it will mount what it can find... DT>> DT>>It plays nicely with kerberors. When your ticket expires you immediately DT>>loose access; when you renew it you gain access again. All without the DT>>need to unmount/mount. Just call smbnetfs once you have your ticket. You DT>>may even do this from your .profile. DT>> DT>>harti DT> DT>Sorry for not replying sooner. DT> DT>Initial tests here are promising (I can see some mount paths being DT>exported from the server), but it's not fully working (I don't see all DT>of the mount paths that *should* be exported and I get permission denied DT>errors). My thoughts are leaning towards an issue in negotiating auth DT>with the server -- perhaps my krb creds aren't being used? You can test this easily: if your ticket expires you get permission denied errors when you try to look into the mounted directories. As soon as you renew the ticket you get access again. All without restarting smbnetfs. harti