I'm trying to integrate a CentOS 7 client with Active Directory authentication and automatically mount the user homedirs with cifs.
I would prefer to use autofs, but I've so far been unable to make the cifs mount work with the sec=krb5 setting. It always fails with this message:
# mount -t cifs //fileserver.my.domain/user /mnt/user/ -orw,noperm,sec=krb5
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
Any hints on getting autofs to work with cifs and AD would be most welcome.
Setting up the authentication was a no-brainer using this description from RedHat and just amounted to adding the necessary packages listed by
realm discover MY.DOMAIN
and running the command
realm join MY.DOMAIN -U ad-admin-username
So authentication works fine, but getting cifs and kerberos to work is beyond me.
Best Answer
I do have a workaround using pam_exec, but do not feel that mounting of file shares belongs in the pam framework.
By inserting the following lines into /etc/pam.d/password-auth the listed script at the end will mount the right homedir upon password authentication. A lazy unmount is performed at session_close, but might not be the right thing to do.
Put this into password-auth
and this
Both lines should be inserted after the pam_mkhomedir lines inserted by the realm join command.
Another alternative is using pam_mount as described in this post, but then you must compile and install pam_mount manually as it is not provided with CentOS (or get it from the Nux repo).
Here is the script itself; it should be saved as /usr/bin/pam_mount_cifs.sh
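
The script the answer refers to is not reproduced on this page. What follows is an added example, not the answerer's script: a pam_exec hook of the kind described above, mounting the share during auth and lazily unmounting it on close_session. MNT_BASE and the use of pam_exec's expose_authtok option (password on stdin) are assumptions.

```shell
#!/bin/sh
# Added example: pam_exec hook that mounts a CIFS home directory at auth
# time and lazily unmounts it when the session closes.
# Assumptions: MNT_BASE, and an auth line that uses pam_exec's
# expose_authtok option so the password arrives on stdin.
SERVER="fileserver.my.domain"   # server name from the question
MNT_BASE="/mnt"                 # assumed; the question mounts on /mnt/user

# The name ends up in a UNC path, a local path and a mount option, so
# accept plain account names only (no '/', ',', '..', spaces, leading '-').
valid_user() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*|*..*) return 1 ;;
    esac
    return 0
}

short_name() { printf '%s\n' "${1%%@*}"; }          # drop a trailing @REALM
share_for()  { printf '//%s/%s\n' "$SERVER" "$1"; }
target_for() { printf '%s/%s\n' "$MNT_BASE" "$1"; }

do_mount() {
    dir=$(target_for "$1")
    mountpoint -q "$dir" && return 0                 # already mounted
    mkdir -p "$dir" || return 1
    # Take the password from stdin (dropping NUL bytes) and pass it
    # to mount.cifs in PASSWD, so it never appears on a command line.
    PASSWD=$(tr -d '\000')
    export PASSWD
    mount -t cifs "$(share_for "$1")" "$dir" -o "rw,noperm,username=$1"
    rc=$?
    unset PASSWD
    return "$rc"
}

main() {
    u=$(short_name "${PAM_USER:-}")
    valid_user "$u" || exit 0                        # skip odd names
    case "$PAM_TYPE" in
        auth)          do_mount "$u" ;;
        close_session) umount -l "$(target_for "$u")" ;;
    esac
    exit 0                                           # never block the login
}

# pam_exec sets PAM_TYPE; do nothing when it is absent (e.g. when sourced).
if [ -n "${PAM_TYPE:-}" ]; then main; fi
```

The user-name check matters because pam_exec runs the hook as root and the name is interpolated into the mount options, where a comma would start a new option.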