Join Log in
Score:1
Rob Campbell avatar Server

Please help me understand mounting cifs for domain group

au flag
Rob Campbell

I have samba ad dc and on a different member I have a file server.

Domain Controller = Debian 11 (DC01)
Domain Member (File Server) = Fedora 34 (FS01)
Domain Member (Workstation) = Fedora 34 (F01)

Here are the mount points (F01)

/multimedia/Photos
/multimedia/Movies
/multimedia/Music
/multimedia/Videos

smb.conf (FS01)

# Global parameters
[global]
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    realm = HOME.TEST-SERVER.LAN
    security = ADS
    template homedir = /home/HOME/%U
    template shell = /bin/bash
    username map = /etc/samba/user.map
    winbind refresh tickets = Yes
    winbind use default domain = Yes
    workgroup = HOME
    idmap config * : range = 10000-24999999
    idmap config * : backend = autorid
    map acl inherit = Yes
    vfs objects = acl_xattr


[homes]
    browseable = No
    comment = Home Directories
    read only = No
    valid users = %S


[printers]
    browseable = No
    comment = All Printers
    path = /var/spool/samba
    printable = Yes


[Photos]
    comment = Photos
    inherit acls = Yes
    path = /multimedia/Photos
    read list = "@HOME\Domain Users"
    read only = No
    valid users = "@HOME\Media Admins" @HOME\Photographers
    write list = @HOME\Photographers


[Videos]
    comment = Videos
    inherit acls = Yes
    path = /multimedia/Videos
    read only = No
    valid users = "@HOME\Video Users"


[Movies]
    comment = Videos
    inherit acls = Yes
    path = /multimedia/Movies
    read only = No
    valid users = "@HOME\Domain Users"


[Music]
    comment = Videos
    inherit acls = Yes
    path = /multimedia/Music
    read only = No
    valid users = "@HOME\Domain Users"


[seagate]
    comment = Videos
    inherit acls = Yes
    path = /media/seagate
    read only = No
    valid users = "@HOME\Domain Users"


[Backup]
    comment = Backup
    inherit acls = Yes
    path = /media/Seagate_1
    read only = No
    valid users = "@HOME\Domain Users"

gio mount smb://fs01/photos (F01)

gio: smb://fs01/photos/: Failed to mount Windows share: Permission denied

tail /var/log/messages (F01)

Nov  9 15:29:33 FS01 smbd[799696]: [2021/11/09 15:29:33.316583,  0] ../../source3/smbd/service.c:167(chdir_current_service)
Nov  9 15:29:33 FS01 smbd[799696]:  chdir_current_service: vfs_ChDir(/multimedia/Photos) failed: Permission denied. Current token: uid=211104, gid=210513, 8 groups: 211104 210513 211112 211113 109999 109990 109982 10001

Above worked at one time but no longer working

sudo mount -vvv -t cifs //fs01/photos /multimedia/Photos/ -o credentials=/root/.smb (F01)

domain=FS01
mount.cifs kernel mount options: ip=10.0.0.10,unc=\\fs01\photos,user=redhat,domain=FS01,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

dmesg (F01)

[ 7092.213424] CIFS: Attempting to mount \\fs01\photos
[ 7092.222559] CIFS: Status code returned 0xc000006d STATUS_LOGON_FAILURE
[ 7092.222564] CIFS: VFS: \\fs01 Send error in SessSetup = -13
[ 7092.222571] CIFS: VFS: cifs_mount failed w/return code = -13

How do I mount these so that access is controlled by Samba where I would just need to update the smb.conf with groups to control access?

133
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.