01-19-2009
(Extract from mail with HP CIFS team (Eric)...)
Quote:
Here's how the HP CIFS Client and Server handle user-level security.
Admittedly rather quirky, but it works; you just have to follow the rules.
i. In the Samba configuration file, under the entry for the share, you give
a list of one or more usernames. These are the users whose passwords are
used by Samba to authenticate client requests to access the share (this will
make sense later). For example:
[global]
security = share
encrypt passwords = yes
[share]
path = /export/share
username = userA userB
ii. On the cifsclient, root mounts the share:
cifsmount server:/share /mountpoint
Root may also provide a username and password (-U and -P), subject to constraints
described below.
iii. On the cifsclient, whoever wants to access the share must be autheticated
via cifslogin:
cifslogin [-U username] //server/share
Share Password for \\SERVER\SHARE:****
Note that if you use this syntax:
cifslogin [-U username] server
you will first get this prompt:
Login to Share:
which is asking for the share name; then you will get the "Share Password..." prompt.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I am having trouble mounting with cifs, but mounting the exact same command with smbfs works fine. The share is on another samba server and is set to full public guest access. # mount -t cifs //servername/sharename /mnt/temp -o password=""
mount error 13 = Permission denied Refer to the... (3 Replies)
Discussion started by: humbletech99
3 Replies
2. Windows & DOS: Issues & Discussions
I'm in the process of migrating my windows file servers to a Ubuntu Samba server.
My plan is to use cp -Rp to copy all the mounted files to the proper directory on my Ubuntu server.
I can mount them just fine but if I run getfacl against a mounted directory its not showing any of my Windows... (0 Replies)
Discussion started by: binary-ninja
0 Replies
3. AIX
Hi all,
We are experiencing below mentioned error on mounting windows Share on AIX 5.3 when we migrate our TL from 8 to TL12-SP01, we also checked the allowed password length for mounting CIFS which is fine(10 characters in our case). On IBM fix central site there is a fix IZ63140 for... (10 Replies)
Discussion started by: m_raheelahmed
10 Replies
4. AIX
Dear Experts,
Im facing a unique situation. We got a windows server folder cifs mounted on my AIX server. Before restarting the win server I tried unmounting the cifs mount. It got hanged and win server was restarted however.
Now Im trying to mount the same. It prompts for password... (3 Replies)
Discussion started by: jayadeava
3 Replies
5. Linux
After switching from smbfs mount, the dmask/dir_mode and fmask/file_mode no longer have an effect on the newly created files. It seems to use the system umask instead.
I need the group to have write permissions without changing the root umask on the system. Any ideas?
example fstab:
... (0 Replies)
Discussion started by: gadgetx23
0 Replies
6. Red Hat
hi,
I have the following permission problems with cifs.mount : a share on a VNXe (EMC NAS) is accessed by two RHEL 5.9 accounts (authenticated by Active Directory); One account has read+wite permission to the share , the second one has only read permission. Both accounts uses the following... (0 Replies)
Discussion started by: Zarake
0 Replies
7. UNIX and Linux Applications
On Slackware14.0
Compiled cifs-utils with kerberos support
on request-key.conf added
create cifs.spnego * * /usr/sbin/cifs.upcall %k %d
But when i try
mount -o sec=krb5 -t cifs //SLACK64//Users /media/users
mount error(38): Function not implemented
Refer to the... (1 Reply)
Discussion started by: Linusolaradm1
1 Replies
8. AIX
Hello AIX gurus,
I am trying to mount a CIFS share on AIX and I could use some help. Here are the environment details:
AIX - 6100-05-01-1016
Domain Controller - WIN2K8R2 (authentication takes place here)
CIFS share is stored on a NetApp storage array that is joined to the domain
I have... (2 Replies)
Discussion started by: jhall
2 Replies
9. AIX
Hi,
I can't find any documentation of all available mount options of mount -v cifs
Unfortunately you can specify any fantasy options, no complains, and the mount command shows this option
In particular I want to know if there is a possibility to completely disable cifs caching in aix,... (3 Replies)
Discussion started by: funksen
3 Replies
10. UNIX for Beginners Questions & Answers
I have a Linux server with a cifsmount, the entry in /etc/fstab looks like this: //windows_server_name/xyz /opt/xyz cifs credentials=/etc/creds/xyz.creds,uid=abc,gid=abc,noserverino,directio,_netdev 0 0
The username and password are stored in /etc/creds/xyz.creds
This works fine.:wall: How... (1 Reply)
Discussion started by: Joke Holmer
1 Replies
LEARN ABOUT DEBIAN
cifs.idmap
CIFS.IDMAP(8) System Administration tools CIFS.IDMAP(8)
NAME
cifs.idmap - Userspace helper for mapping ids for Common Internet File System (CIFS)
SYNOPSIS
cifs.idmap [--version|-v] {keyid}
DESCRIPTION
This tool is part of the cifs-utils suite.
cifs.idmap is a userspace helper program for the linux CIFS client filesystem. There are a number of activities that the kernel cannot
easily do itself. This program is a callout program that does these things for the kernel and then returns the result.
cifs.idmap is generally intended to be run when the kernel calls request-key(8) for a particular key type. While it can be run directly
from the command-line, it is not generally intended to be run that way.
cifs.idmap works in conjuction with winbind facility of Samba suite to map owner and group SIDs to uids and gids respectively. It is best
utilized when
- a mount option of cifsacl is specified when mounting a cifs share
- winbind is specified as one of the search entries for passwd and group databases in file /etc/nsswitch.conf
- file smb.conf has winbind specific entries
- winbind daemon program is running
In case winbind and cifs.idmap facilities are unavailable, file objects in a mounted share are assigned uid and gid of the credentials of
the process that mounted the share. So it is strongly recomemended to use mount options of uid and gid to specify a default uid and gid to
map owner SIDs and group SIDs respectively in case services of winbind and cifs.idmap facility are unavailable.
OPTIONS
--version|-v
Print version number and exit.
CONFIGURATION FOR KEYCTL
cifs.idmap is designed to be called from the kernel via the request-key callout program. This requires that request-key be told where and
how to call this program. Currently cifs.idmap handles a key type of:
cifs.idmap
This keytype is for mapping a SID to either an uid or a gid
To make this program useful for CIFS, you will need to set up entry for it in request-key.conf(5). Here is an example of an entry for this
key type:
#OPERATION TYPE D C PROGRAM ARG1 ARG2...
#========= ============= = = ================================
create cifs.idmap * * /usr/sbin/cifs.idmap %k
See request-key.conf(5) for more info on each field.
NOTES
Support for upcalls to cifs.idmap was initially introduced in the 3.0 kernel.
SEE ALSO
request-key.conf(5), mount.cifs(8)
AUTHOR
Shirish Pargaonkar wrote the cifs.idmap program.
The Linux CIFS Mailing list is the preferred place to ask questions regarding these programs.
cifs-utils 05/26/2011 CIFS.IDMAP(8)