{"id":936,"date":"2016-05-04T20:43:26","date_gmt":"2016-05-05T01:43:26","guid":{"rendered":"http:\/\/www.gamescheat.ca\/?p=936"},"modified":"2019-09-04T19:57:39","modified_gmt":"2019-09-05T00:57:39","slug":"mount-windows-cifs-share-on-linux-server-using-kerberos-keytab","status":"publish","type":"post","link":"http:\/\/www.gamescheat.ca\/?p=936","title":{"rendered":"Mount Windows CIFS share on Linux server using kerberos keytab"},"content":{"rendered":"<p>Use kerberos ticket to mount CIFS shares on a Linux server. You do not need to know the password for the account, nor have the password stored in a file.<\/p>\n<p>Create the keytab file for the account my-account, this step must be completed by a Domain Admin on a domain controller<\/p>\n<blockquote><p>C:\\>ktpass -princ my-account -mapuser my-account -pass password -crypto ALL -out \u201cC:\\my-account.keytab\u201d -pType KRB5_NT_PRINCIPAL<\/p><\/blockquote>\n<p>Copy the keytab files to Linux server \/etc\/my-account.keytab<\/p>\n<p>Determine what the UID for my-account is.<\/p>\n<blockquote><p>[root@server1 etc]# id my-account<br \/>\nuid=16861554(my-account) gid=16861554(my-account) groups=16861554(my-account)<\/p><\/blockquote>\n<p>Add this to \/etc\/fstab, replace uid and gid with the ones for my-account<\/p>\n<blockquote><div style=\"float: left;\"><div style=\"margin: 15px 15px 15px 15px\";><script type=\"text\/javascript\"><!--\ngoogle_ad_client = \"pub-3319935785736004\";\ngoogle_alternate_color = \"FFFFFF\";\ngoogle_ad_width = 250;\ngoogle_ad_height = 250;\ngoogle_ad_format = \"250x250_as\";\ngoogle_ad_type = \"text_image\";\ngoogle_ad_channel =\"\";\ngoogle_color_border = \"cccccc\";\ngoogle_color_link = \"cc0000\";\ngoogle_color_bg = \"ffffff\";\ngoogle_color_text = \"000000\";\ngoogle_color_url = \"008000\";\n\/\/--><\/script>\n<script type=\"text\/javascript\"\n  src=\"http:\/\/pagead2.googlesyndication.com\/pagead\/show_ads.js\">\n<\/script><\/div><\/div><p>\/\/server3\/share\/myshare \/opt\/myshare cifs sec=krb5,uid=16861554,gid=16861554 0 0<\/p><\/blockquote>\n<p>Create the file \/kerberos_renewal.sh, cut and paste the below into it and modify where necessarry.<\/p>\n<blockquote><p>#!\/bin\/bash<br \/>\n. ~\/.bash_profile<br \/>\n\/usr\/bin\/kinit -k -t \/etc\/my-account.keytab my-account<br \/>\n[[ $? -ne 0 ]] && {<br \/>\necho \u201cKerberos TGT renewal JOB failed on `hostname`\u201d|mailx -s \u201cKerberos TGT renewal JOB failed on `hostname`\u201d email1@myemail.com<br \/>\nexit 1<br \/>\n}<br \/>\necho \u201cLast startup run \u2013 `date`\u201d >> \/my-account\/cronjob.log<br \/>\nexit 0<\/p><\/blockquote>\n<p>Create the file \/cronjob.txt, cut and paste the below into the file.<\/p>\n<blockquote><p>#Kerberos TGT renewal<br \/>\n@reboot \/my-account\/kerberos_renewal.sh<br \/>\n0 *\/8 * * * \/my-account\/kerberos_renewal.sh<\/p><\/blockquote>\n<p>Apply correct ownership for files<\/p>\n<blockquote><p>chown my-account cronjob.txt kerberos_renewal.sh<\/p><\/blockquote>\n<p>Schedule the cronjob.<\/p>\n<blockquote><p>crontab \/cronjob.txt<\/p><\/blockquote>\n<p>Reboot<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Use kerberos ticket to mount CIFS shares on a Linux server. You do not need to know the password for the account, nor have the password stored in a file. Create the keytab file for the account my-account, this step&hellip;<\/p>\n<p class=\"more-link-p\"><a class=\"more-link\" href=\"http:\/\/www.gamescheat.ca\/?p=936\">Read more &rarr;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[13],"tags":[85,86,25],"_links":{"self":[{"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=\/wp\/v2\/posts\/936"}],"collection":[{"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=936"}],"version-history":[{"count":1,"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=\/wp\/v2\/posts\/936\/revisions"}],"predecessor-version":[{"id":937,"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=\/wp\/v2\/posts\/936\/revisions\/937"}],"wp:attachment":[{"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=936"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.gamescheat.ca\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}