diff --git a/admin-guide/configuration/mount.md b/admin-guide/configuration/mount.md index 5867f9d3..6e73818d 100644 --- a/admin-guide/configuration/mount.md +++ b/admin-guide/configuration/mount.md @@ -58,6 +58,25 @@ Ideally use NFSv4 (option `nfsvers=4.2`) and Kerberos authentication (option `se ## CIFS +### CIFS with Multiuser Option and Kerberos + +Mounting a CIFS share with the `multiuser` option and Kerberos has the advantage that no password is needed and each user gets his personal access rights. But it needs to have, similar to AFS, an appropriate Kerberos ticket. + +``` +mounter::def::scratch: + ensure: 'mounted' + enable: 'true' + device: '//scratch01/scratch' + mountpoint: '/media/scratch' + type: 'cifs' + options: 'multiuser,sec=krb5' + +mounter::mounts: + - 'scratch' +``` + +### CIFS with User and Password + Remote CIFS mountpoints can be defined as follows: ``` @@ -85,11 +104,7 @@ In the above example, we need to create a `credentials` file with `mounter::cifs be called `cifs_mpc2375` and will be located in `/etc/cifs-utils` and will contain information about the username and password allowed to mount it. -On the other hand, a mount `emf` is defined. You should specify in options the location of `credentials`. -Other optional parameters are used. `emf` is mounted with type `cifs`, which will automatically ensure that -proper `cifs-utils` package is installed. - -Ideally this would also support Kerberos (option `multiuser,sec=krb5`) then we would not need to deal with a mount username and password. We got that once running, but only by chance when there was also a NFS mount with Kerberos authentication which would prepare the according Kerberos host tickets. For CIFS RedHat misses some upcall configuration to do the same. RedHat support said that this might be fixed for 8.8, but it did not happen. How to configure this upcall or to prepare the Kerberos ticket that manually outside (e.g. regulary with a timer) we have not figured out yet. +On the other hand, a mount `emf` with type `cifs` is defined. You should specify in options the location of `credentials` as well as optional parameters. ## AFS AFS is depending on role already configured by default. Additionally it can be enabled or disabled in Hiera with `base::enable_afs`: