cifs SRV record

Why not just use DFS? I believe that this is what it was designed for.

-Bob

Post by steve
Hi
Is it possible to have cifs SRV rrs like ldap and kerberos where clients
can look for the service themselves? We'd like to be able to offer
shares on more than one server without the cluster stuff.
ATM we have e.g.
mount -t cifs //server/share -owhatever
Our question is, would having cifs SRV be a way around having to
specify a specific server?
Cheers,
Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
More majordomo info at http://vger.kernel.org/majordomo-info.html

Steve French

2014-06-18 23:10:14 UTC

Post by Bob Balsover
Why not just use DFS? I believe that this is what it was designed for.
-Bob

Yes. DFS should be used for this. Fairly easy to setup on server
(Samba or Windows or NetApp, although very different setup on Samba
than Windows) and the client supports it (whether Linux or Windows).

--
Thanks,

Steve

steve

2014-06-19 11:34:05 UTC

Post by Bob Balsover
Why not just use DFS? I believe that this is what it was designed for.
-Bob

Hi
Thanks. I know I can do that for windows clients but our Linux boxes (in
the same domain) use autofs e.g.
* -fstype=cifs,sec=krb5,multiuser ://server/share/&
Will the automounter still work from a DFS share and will it still do
the wild card like vanilla cifs?

What we'd like to do is add a second samba file server and sync the data
between them. Is DFS the way to go for this?
Cheers,
Steve

Bob Balsover

2014-06-19 16:39:33 UTC

Steve, DFS should still work. The server address is resolved by the
kernel cifs code and the share will be resolved correctly.

-Bob

Post by Bob Balsover
Why not just use DFS? I believe that this is what it was designed for.
-Bob

Hi
Thanks. I know I can do that for windows clients but our Linux boxes (in
the same domain) use autofs e.g.
* -fstype=cifs,sec=krb5,multiuser ://server/share/&
Will the automounter still work from a DFS share and will it still do
the wild card like vanilla cifs?
What we'd like to do is add a second samba file server and sync the data
between them. Is DFS the way to go for this?
Cheers,
Steve

Post by steve
Hi
Is it possible to have cifs SRV rrs like ldap and kerberos where

clients

Post by steve
can look for the service themselves? We'd like to be able to offer
shares on more than one server without the cluster stuff.
ATM we have e.g.
mount -t cifs //server/share -owhatever
Our question is, would having cifs SRV be a way around having to
specify a specific server?

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
More majordomo info at http://vger.kernel.org/majordomo-info.html

steve

2014-06-19 16:57:55 UTC

Post by Bob Balsover
Steve, DFS should still work. The server address is resolved by the
kernel cifs code and the share will be resolved correctly.
-Bob

Hi
But we don't want to have to specify the server. We want the share to be
either of the servers in the domain containing our synced data. Hence (I
think) your suggestion of DFS.

I know that on windows you can specify
\\domain\share
and dfs will find any server in the domain that has the share.

1. Can samba/cifs servers be configured to do that?
2. Can Linux clients mount such configurations?
3. Is there a howto?

Thanks,
Steve

Post by Bob Balsover
Why not just use DFS? I believe that this is what it was designed for.
-Bob

Hi
Thanks. I know I can do that for windows clients but our Linux boxes (in
the same domain) use autofs e.g.
* -fstype=cifs,sec=krb5,multiuser ://server/share/&
Will the automounter still work from a DFS share and will it still do
the wild card like vanilla cifs?
What we'd like to do is add a second samba file server and sync the data
between them. Is DFS the way to go for this?
Cheers,
Steve

Post by steve
Hi
Is it possible to have cifs SRV rrs like ldap and kerberos where

clients

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
More majordomo info at http://vger.kernel.org/majordomo-info.html

Bob Balsover

2014-06-19 17:12:25 UTC

Why don't you try it and tell us if you have a problem.

Post by Bob Balsover
Steve, DFS should still work. The server address is resolved by the
kernel cifs code and the share will be resolved correctly.
-Bob

Hi
But we don't want to have to specify the server. We want the share to be
either of the servers in the domain containing our synced data. Hence (I
think) your suggestion of DFS.
I know that on windows you can specify
\\domain\share
and dfs will find any server in the domain that has the share.
1. Can samba/cifs servers be configured to do that?
2. Can Linux clients mount such configurations?
3. Is there a howto?
Thanks,
Steve

Post by Bob Balsover
Why not just use DFS? I believe that this is what it was designed

for.

Post by Bob Balsover
-Bob

Hi
Thanks. I know I can do that for windows clients but our Linux boxes

(in

Post by steve
the same domain) use autofs e.g.
* -fstype=cifs,sec=krb5,multiuser ://server/share/&
Will the automounter still work from a DFS share and will it still do
the wild card like vanilla cifs?
What we'd like to do is add a second samba file server and sync the

data

Post by steve
between them. Is DFS the way to go for this?
Cheers,
Steve

Post by steve
Hi
Is it possible to have cifs SRV rrs like ldap and kerberos where

clients

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs"

Post by steve
More majordomo info at http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
More majordomo info at http://vger.kernel.org/majordomo-info.html

steve

2014-06-19 17:20:51 UTC

Post by Bob Balsover
Why don't you try it and tell us if you have a problem.

Whilst we can find this:
https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html
There seems to be nothing on domain dfs.
Could you give us a pointer?
If it's not possible, no problem. Just that we'd rather use samba
servers.
Thanks.

Post by Bob Balsover
Steve, DFS should still work. The server address is resolved by the
kernel cifs code and the share will be resolved correctly.
-Bob

Hi
But we don't want to have to specify the server. We want the share to be
either of the servers in the domain containing our synced data. Hence (I
think) your suggestion of DFS.
I know that on windows you can specify
\\domain\share
and dfs will find any server in the domain that has the share.
1. Can samba/cifs servers be configured to do that?
2. Can Linux clients mount such configurations?
3. Is there a howto?
Thanks,
Steve

Post by Bob Balsover
Why not just use DFS? I believe that this is what it was designed

for.

Post by Bob Balsover
-Bob

Hi
Thanks. I know I can do that for windows clients but our Linux boxes

(in

data

Post by steve
between them. Is DFS the way to go for this?
Cheers,
Steve

Post by steve
Hi
Is it possible to have cifs SRV rrs like ldap and kerberos where

clients

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs"

Post by steve
More majordomo info at http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
More majordomo info at http://vger.kernel.org/majordomo-info.html

Bob Balsover

2014-06-19 19:17:45 UTC

Steve, you appear to be beating a dead horse. Assuming you are using a
somewhat current kernel just place the DFS share in your client's
configuration file and try it. I am currently working with this kernel
code and it works fine.

Post by Bob Balsover
Why don't you try it and tell us if you have a problem.

https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/msdfs.html
There seems to be nothing on domain dfs.
Could you give us a pointer?
If it's not possible, no problem. Just that we'd rather use samba
servers.
Thanks.

Post by Bob Balsover
Steve, DFS should still work. The server address is resolved by the
kernel cifs code and the share will be resolved correctly.
-Bob

Hi
But we don't want to have to specify the server. We want the share to

Post by steve
either of the servers in the domain containing our synced data. Hence

Post by steve
think) your suggestion of DFS.
I know that on windows you can specify
\\domain\share
and dfs will find any server in the domain that has the share.
1. Can samba/cifs servers be configured to do that?
2. Can Linux clients mount such configurations?
3. Is there a howto?
Thanks,
Steve

Post by Bob Balsover
Why not just use DFS? I believe that this is what it was

designed

Post by Bob Balsover
for.

Post by Bob Balsover
-Bob

Yes. DFS should be used for this. Fairly easy to setup on server
(Samba or Windows or NetApp, although very different setup on

Samba

Post by Steve French
than Windows) and the client supports it (whether Linux or

Windows).

Post by steve
Hi
Thanks. I know I can do that for windows clients but our Linux

boxes

Post by Bob Balsover
(in

Post by steve
the same domain) use autofs e.g.
* -fstype=cifs,sec=krb5,multiuser ://server/share/&
Will the automounter still work from a DFS share and will it still

Post by steve
the wild card like vanilla cifs?
What we'd like to do is add a second samba file server and sync the

data

Post by steve
between them. Is DFS the way to go for this?
Cheers,
Steve

Post by steve
Hi
Is it possible to have cifs SRV rrs like ldap and kerberos

where

Post by Steve French
clients

Post by steve
can look for the service themselves? We'd like to be able to

offer

Post by steve
shares on more than one server without the cluster stuff.
ATM we have e.g.
mount -t cifs //server/share -owhatever
Our question is, would having cifs SRV be a way around having

Post by steve
specify a specific server?

--
To unsubscribe from this list: send the line "unsubscribe

linux-cifs"

Post by Bob Balsover
in

Post by steve
More majordomo info at http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs"

Post by steve
More majordomo info at http://vger.kernel.org/majordomo-info.html

--
To unsubscribe from this list: send the line "unsubscribe linux-cifs" in
More majordomo info at http://vger.kernel.org/majordomo-info.html

steve

2014-06-20 12:14:29 UTC

Post by Bob Balsover
Steve, you appear to be beating a dead horse. Assuming you are using a
somewhat current kernel just place the DFS share in your client's
configuration file and try it. I am currently working with this kernel
code and it works fine.

OK, here's our first attempt:

[global]
workgroup = HH3
realm = HH3.SITE
security = ADS
kerberos method = system keytab
host msdfs = yes

[users]
path = /home/users
read only = No

[dfs]
path = /home/samba/dfs
msdfs root = yes
- - -

alfaz:/home/samba/dfs # ls -l
total 0
lrwxrwxrwx 1 root root 17 Jun 20 13:57 users -> msdfs:alfaz\users
- - -

klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
1 host/alfaz.hh3.site-UiqEU/***@public.gmane.org
1 host/alfaz.hh3.site-UiqEU/***@public.gmane.org
1 host/alfaz.hh3.site-UiqEU/***@public.gmane.org
1 host/alfaz.hh3.site-UiqEU/***@public.gmane.org
1 host/alfaz.hh3.site-UiqEU/***@public.gmane.org
1 host/alfaz-UiqEU/***@public.gmane.org
1 host/alfaz-UiqEU/***@public.gmane.org
1 host/alfaz-UiqEU/***@public.gmane.org
1 host/alfaz-UiqEU/***@public.gmane.org
1 host/alfaz-UiqEU/***@public.gmane.org
1 ALFAZ$@HH3.SITE
1 ALFAZ$@HH3.SITE
1 ALFAZ$@HH3.SITE
1 ALFAZ$@HH3.SITE
1 ALFAZ$@HH3.SITE
1 cifsuser-UiqEU/***@public.gmane.org

This works fine:
mount -t cifs //alfaz/dfs/users /mnt
-osec=krb5,username=cifsuser,multiuser

cifsuser gets a ticket:
klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: cifsuser-UiqEU/***@public.gmane.org

Valid starting Expires Service principal
06/20/2014 13:20:31 06/20/2014 23:20:31 krbtgt/HH3.SITE-UiqEU/***@public.gmane.org
renew until 06/21/2014 13:20:31
06/20/2014 13:35:32 06/20/2014 23:20:31 cifs/alfaz@
renew until 06/21/2014 13:20:31
06/20/2014 13:35:32 06/20/2014 23:20:31 cifs/alfaz-UiqEU/***@public.gmane.org
renew until 06/21/2014 13:20:31

And the share is mounted:
ls /mnt
Administrator br2 cifsuser julie julie2 lynn2 steve2 steve3
However, there's no advantage in using dfs for that becaause we've had
to specify the server.

But that's not what we want. So, after some googling, we include the
domain:
mount -t cifs //hh3.site/dfs/users /mnt
-osec=krb5,username=cifsuser,multiuser
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
It doesn't mount.

And the KDC responds:
Kerberos: TGS-REQ cifsuser-UiqEU/***@public.gmane.org from ipv4:192.168.1.102:51585 for
cifs/hh3.site-UiqEU/***@public.gmane.org [canonicalize, renewable]
Kerberos: Searching referral for hh3.site
Kerberos: Returning a referral to realm SITE for server
cifs/hh3.site-UiqEU/***@public.gmane.org that was not found
Failed find a single entry for
(&(objectClass=trustedDomain)(|(flatname=SITE)(trustPartner=SITE))): got
0
Kerberos: samba_kdc_fetch: could not find principal in DB
Kerberos: Server not found in database: krbtgt/SITE-UiqEU/***@public.gmane.org: no such
entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.102:51585
Terminating connection - 'kdc_tcp_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: TGS-REQ cifsuser-UiqEU/***@public.gmane.org from ipv4:192.168.1.102:51586 for
krbtgt/SITE-UiqEU/***@public.gmane.org [renewable]
Failed find a single entry for
(&(objectClass=trustedDomain)(|(flatname=SITE)(trustPartner=SITE))): got
0
Kerberos: samba_kdc_fetch: could not find principal in DB
Kerberos: Server not found in database: krbtgt/SITE-UiqEU/***@public.gmane.org: no such
entry found in hdb
Kerberos: Failed building TGS-REP to ipv4:192.168.1.102:51586

How do we tell cifs to look in the domain for a dfs share server?

Samba4 DC running samba with Samba4 file server running smbd all on
openSUSE 13.1

Thanks for your patience.
Steve

steve

2014-06-21 18:54:45 UTC