[Discuss] CIFS Usage

[jbk at kjkelra.com (jbk)]

I am in the process of updating my client machines to 
Fedora20. I set up a samba server back in the early 2000's 
version 2.6. I am now running SL linux 6.1 with samba 
version 3.6. The client is running Fc20 with CIFS version 
2.2. selinux=0.

I implemented the means for users to mount their server 
shares to their home directories using the mount.cifs 
command then part of the samba-client package. This via a 
script that tested the server availability, created the 
mount point and mounted the share using a credentials file.

Five years ago the samba folks decided that user mounts 
using mount.cifs setuid was insecure and they disabled the 
feature. I have been able to keep using this feature on my 
client machines up to Fc14 by copying the mount.cifs and 
umount.cifs from the package distributed in Fc10. In the 
mean time the CIFS folks have made it possible to use 
mount.cifs setuid again with a corresponding entry in fstab.

I have not been able to get this feature to work 
successfully, (not ask for password,  use credentials), per 
their documentation and am asking if anyone on the BLU list 
has had any experience with this?

Below is some output from my attempts with comments.

###############################################

# Lines preceded with # are my comments. Lines preceded with 
$ are user command lines.

# Problem, cifs will not recognise user credentials file 
when mount.cifs is setuid.

# UID's are not the same between server and client.

# Using sudo below is successful but the mount is owned by 
root. Files and subdirectories are owned by UID of local 
user on server so access is limited.

$ sudo /usr/sbin/mount.cifs //sambaserv/k-rdat ~/k-rdat/ -v 
-o credentials=/home/jbk/.samba/.jbk
domain=kr
mount.cifs kernel mount options: 
ip=10.251.227.4,unc=\\sambaserv\k-rdat,user=jbk,,domain=kr,pass=********

# With mount.cifs setuid as below I am asked for my password 
as if no credential file is submitted. Furnishing the 
password the share is mounted owned by me and my group as 
well as all the files and subdirectories.

$ /usr/local/sbin/mount.cifs //sambaserv/k-rdat ~/k-rdat/ -v 
-o credentials=/home/jbk/.samba/.jbk
Password for jbk@//sambaserv/k-rdat: ***********
mount.cifs kernel mount options: 
ip=10.251.227.4,unc=\\sambaserv\k-rdat,uid=501,gid=501,user=jbk,pass=********

# Using the samba client utility I am able to visit the 
share on the server using my credentials file as shown below.

$ smbclient //sambaserv/k-rdat -d 3 -A ~/.samba/.jbk
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows 
limit (16384)
params.c:pm_process() - Processing configuration file 
"/etc/samba/smb.conf"
Processing section "[global]"
added interface enp0s25 ip=10.251.227.9 bcast=10.255.255.255 
netmask=255.0.0.0
Client started (version 4.1.3).
tdb(/var/lib/samba/gencache.tdb): tdb_open_ex: could not 
open file /var/lib/samba/gencache.tdb: Permission denied
tdb(/var/lib/samba/gencache.tdb): tdb_open_ex: could not 
open file /var/lib/samba/gencache.tdb: No such file or directory
tdb(/var/lib/samba/gencache.tdb): tdb_open_ex: could not 
open file /var/lib/samba/gencache.tdb: Permission denied
tdb(/var/lib/samba/gencache.tdb): tdb_open_ex: could not 
open file /var/lib/samba/gencache.tdb: No such file or directory
resolve_lmhosts: Attempting lmhosts lookup for name 
sambaserv<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name 
sambaserv<0x20>
resolve_wins: WINS server resolution selected and no WINS 
servers listed.
resolve_hosts: Attempting host lookup for name sambaserv<0x20>
tdb(/var/lib/samba/gencache.tdb): tdb_open_ex: could not 
open file /var/lib/samba/gencache.tdb: Permission denied
tdb(/var/lib/samba/gencache.tdb): tdb_open_ex: could not 
open file /var/lib/samba/gencache.tdb: No such file or directory
Connecting to 10.251.227.4 at port 445
Doing spnego session setup (blob length=42)
got OID=1.3.6.1.4.1.311.2.2.10
got principal=NONE
Got challenge flags:
Got NTLMSSP neg_flags=0x608a8215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Domain=[KR] OS=[Unix] Server=[Samba 3.6.9-167.el6_5]
smb: \> exit

# fstab entry for share below.

//sambaserv/k-rdat /home/jbk/k-rdat    cifs    user 0 0

end of output

#######################################

-- 
Jim KR
jbk at kjkelra.com