I found the answer: you have to use the option nounix together with file_mode and dir_mode.
Here is my fstab:
//adsrv01/Photos /mnt/Photos cifs credentials=/root/credentials.txt,file_mode=0770,dir_mode=0770,nounix,uid=505,gid=505 0 0
You noted that you can get "user Kerberos tickets as root" but you have a "key is not available" error.
find_krb5_cc: /tmp/krb5cc_1000 is owned by 1000, not 0
This error means mount.cifs does not have access to the Kerberos ticket because it is not owned by root (userid: 0), which calls mount.cifs. I would assume that the Kerberos tickets root obtained with a user's password were designated for use only by that user.
Now why does mount want the ticket to be owned by root?
This part of the first line:
uid=0x0;creduid=0x0;user=root;
may be the reason. Mount.cifs is being carried out as root. You might want to try changing uid and creduid to the useruid of the user.
I don't know where you're calling mount.cifs from, so I'm sorry if that's a little vague. Could you please give the mount.cifs command you're running and its options?
As for the share being "accessible for all users on the server":
I have pam_mount run after a user logs in and mount a share with their username, password and their Kerberos ticket, so I'm not using a keytab.
This is the mount command I'm calling:
mount -t cifs //<SERVER>/<VOLUME> <MOUNTPOINT> -o username=%(USER),sec=krb5,domain=<DOMAIN>,cruid=%(USERUID),uid=%(USERUID),gid=%(USERGID),rw
Add the authorized users to a single group. Also set file_mode= and dir_mode= to the correct permissions for the group to have read/write access to the file, something like 770.
Best Answer
The UID and GID used for the mounted fs is different from the credentials used to connect to the cifs fileserver. So, I can connect to the fileserver as bob, but mount the filesystem as larry. So, you should use the uid and gid mount options in addition to the credentials option.
from http://webscript.princeton.edu/~pug/faqwiki/index.php?title=Using_SAMBA/CIFS_to_access_Windows_Shares
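The option interactions described in the answers above (nounix with file_mode/dir_mode, cruid with sec=krb5, uid/gid alongside the credentials) can be checked mechanically before an entry goes into fstab or pam_mount. The following is an added example, not code from any of the answers; check_cifs_opts and its finding names are hypothetical, the krb5 sample uses placeholder values, and the last sample is constructed.

```shell
#!/bin/sh
# Added example: lint a mount.cifs option string against the points made
# in the answers above. Prints one finding per line; no output means clean.
check_cifs_opts() (
    # Subshell body: the IFS and noglob changes stay local to this call.
    set -f
    IFS=','
    nounix=0 krb5=0 cruid=0 owner=0 modes=0 world=0
    for opt in $1; do
        key=${opt%%=*}
        val=${opt#*=}
        case "$key" in
            nounix) nounix=1 ;;
            sec) case "$val" in krb5|krb5i) krb5=1 ;; esac ;;
            cruid) cruid=1 ;;
            uid|gid) owner=$((owner + 1)) ;;
            file_mode|dir_mode)
                modes=1
                # The last octal digit holds the "other" permission bits.
                case "$val" in *0) ;; *) world=1 ;; esac ;;
        esac
    done
    if [ "$modes" -eq 1 ] && [ "$nounix" -eq 0 ]; then
        echo "MODES_WITHOUT_NOUNIX: file_mode/dir_mode set without nounix"
    fi
    if [ "$world" -eq 1 ]; then
        echo "WORLD_ACCESS: mode grants access beyond owner and group (770 suggested)"
    fi
    if [ "$krb5" -eq 1 ] && [ "$cruid" -eq 0 ]; then
        echo "KRB5_WITHOUT_CRUID: root-run mount.cifs will look for root's ticket cache"
    fi
    if [ "$owner" -lt 2 ]; then
        echo "NO_UID_GID: uid= and gid= not both set; ownership is not taken from the credentials"
    fi
)

# fstab options quoted in the first answer: expected to produce no findings.
check_cifs_opts "credentials=/root/credentials.txt,file_mode=0770,dir_mode=0770,nounix,uid=505,gid=505"
# pam_mount-style options with placeholder values: expected to produce no findings.
check_cifs_opts "username=alice,sec=krb5,domain=EXAMPLE,cruid=1000,uid=1000,gid=1000,rw"
# Constructed weak entry: triggers all four findings.
check_cifs_opts "sec=krb5,file_mode=0777,dir_mode=0777"
```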