2

I am using Powerbroker Open (formerly Likewise Open) to join CentOS 7 machines to a Windows 2012 R2 domain. Login etc. works fine.

Now I am trying to use the automatic mount of home directories via PB's RemoteHomeDirTemplate option - the CIFS share should be mounted to a folder HomeShare within the user's home folder. The shares themselves are provided by a FreeNAS box (i.e. Samba).

Unfortunately, this does not work. Syslog shows 2 CIFS mount attempts, one with option sec=krb5 and another with sec=krb5i. The first fails due to a missing key, the second due to the server not supporting signatures.

It seems that Powerbroker does not store the Kerberos ticket (?).

When an Active Directory user logs in, klist shows no credential and a manual mount -t cifs //myserver/myshare HomeShare -o sec=krb5,[...] fails with the same error message.

As soon as a ticket is stored by kinit, the mount command succeeds and the share is accessible.

The question is: Where does (or should) Powerbroker store the Kerberos ticket? Or do I have to configure something so that PB makes the ticket available?

Thanks for any help!

edit:

Finally! I found the solution (just after I wrote this question...): On CentOS 7 the PBIS service is configured with the systemd feature PrivateTmp=yes. With this feature enabled, the Kerberos ticket is not stored in /tmp but instead in /tmp/systemd-private-xxxx (which is accessible only by root).

I edited the service configuration lwsmd.service and set PrivateTmp=no. After a service restart everything works as expected! Yes!

trapperjohn
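
The fix described in the edit above can also be applied as a systemd drop-in instead of editing lwsmd.service itself, so a package update does not revert it. The script below is an added example, not part of the original post or of PBIS: it reports the effective PrivateTmp= value of a unit and writes the override, using a constructed unit file in a temporary directory. The function names are hypothetical, and looking for drop-ins next to the unit file is a simplification of systemd's search path.

```shell
#!/bin/sh
# Added example: check the effective PrivateTmp= of a unit and override it
# with a drop-in. All files are constructed in a temp dir for the demo.

# Print the effective PrivateTmp value: the last assignment in a [Service]
# section of the unit file or its drop-ins (<unit>.d/*.conf, lexical order).
effective_private_tmp() {
    ept_value=no                      # systemd default when the key is absent
    for ept_f in "$1" "$1".d/*.conf; do
        [ -f "$ept_f" ] || continue   # also skips an unmatched glob
        ept_v=$(awk '
            /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\]/) }
            in_service && /^[ \t]*PrivateTmp[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); last = $0
            }
            END { print last }' "$ept_f")
        if [ -n "$ept_v" ]; then ept_value=$ept_v; fi
    done
    case $ept_value in                # normalise systemd boolean spellings
        yes|true|on|1)  echo yes ;;
        no|false|off|0) echo no ;;
        *)              echo "$ept_value" ;;
    esac
}

# Write a drop-in that turns PrivateTmp off without touching the unit file.
write_private_tmp_override() {
    mkdir -p "$1.d" &&
    printf '[Service]\nPrivateTmp=no\n' > "$1.d/override.conf"
}

# Demo on a constructed unit; only PrivateTmp=yes is taken from the post.
demo_dir=$(mktemp -d)
demo_unit=$demo_dir/lwsmd.service
printf '[Unit]\nDescription=constructed sample\n\n[Service]\nExecStart=/bin/true\nPrivateTmp=yes\n' > "$demo_unit"

before=$(effective_private_tmp "$demo_unit")
write_private_tmp_override "$demo_unit"
after=$(effective_private_tmp "$demo_unit")
echo "PrivateTmp before override: $before, after: $after"
```

On a real host the drop-in would go under /etc/systemd/system/lwsmd.service.d/, followed by systemctl daemon-reload and a restart of the service. With PrivateTmp=no the service shares the system /tmp again, which is what makes the ticket cache reachable by the mount.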

0 Answers