I for one tried the automount/autofs cifs route but it's really hard going.
(Running RHEL5.5 Workstation here.)
I have the Linux workstations successfully authenticating on AD via Kerberos, and can mount the shares manually, using the krb ticket granted on login. But I can't seem to make it work via autofs, where most often it returns mount error -126.
There's tons of forum posts, etc, with folks trying to do this via autofs but all I can say is that it all seems very brittle. There's lots of complexity under the hood and little details that can go wrong. I'll post my config here in case it helps anyone.
* -fstype=cifs,sec=krb5,user=&,sign,uid=&,rw,filemode=0700,dirmode=0700 ://shareserver.mydomain.edu/Share/&
This fails unless you set UID=0, which prevents regular users from using it securely...
There's so much more to it. I'll continue if anybody is interested.
By the way, you'll need keyutils installed, and put this in /etc/request-key.conf:
create cifs.spnego * * /usr/sbin/cifs.upcall %k
create dns_resolver * * /usr/sbin/cifs.upcall %k
By the way, pam_mount sounds good but isn't available on RHEL5.
The howto posted at the top works, but requires that a file with the credentials be on the machine, which isn't feasible on public workstations, etc.
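
An added example, not part of the original post: on Linux, errno 126 is ENOKEY ("Required key not available"), and a missing or mistyped request-key rule is one cause that can be ruled out mechanically. The function below checks a request-key.conf for the two `create` rules quoted above and confirms the helper they name is executable; the function name `check_request_key` is made up for this example.

```shell
#!/bin/sh
# check_request_key FILE
# Verifies that FILE has a "create" rule for both cifs.spnego and
# dns_resolver, and that each rule runs an executable cifs.upcall.
# Returns 0 if both rules are sound, 1 if any is missing or wrong,
# 2 if FILE cannot be read.
check_request_key() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    rc=0
    for type in cifs.spnego dns_resolver; do
        # request-key.conf fields:
        #   op  type  description  callout-info  program [args...]
        # request-key uses the first matching rule, so stop at the first hit.
        prog=$(awk -v t="$type" '
            /^[ \t]*#/ { next }
            $1 == "create" && $2 == t { print $5; exit }' "$conf")
        case $prog in
            "")
                echo "missing: no create rule for $type"
                rc=1 ;;
            */cifs.upcall)
                if [ -x "$prog" ]; then
                    echo "ok: $type -> $prog"
                else
                    echo "broken: $type -> $prog is not executable"
                    rc=1
                fi ;;
            *)
                echo "unexpected: $type is handled by $prog"
                rc=1 ;;
        esac
    done
    return $rc
}
```

Call it as `check_request_key /etc/request-key.conf` on the workstation; a non-zero status means the kernel's key upcall for CIFS cannot be served as configured.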