Automount SMB Shares Using KRB5
In some cases, SMB shares must be mounted automatically at host startup using Kerberos (krb5) authentication instead of a file containing a login and password.
Preconditions:
A domain-joined VM running Ubuntu 24 server LTS
The necessary libraries are installed as described at https://ubuntu.com/server/docs/how-to-set-up-sssd-with-ldap-and-kerberos
To set this up, we need to:
1) Generate a keytab file
ktutil
ktutil: addent -password -p username@DOMAIN.COM -k 1 -f
Password for username@DOMAIN.COM:
ktutil: wkt /path/to/username.keytab
ktutil: quit
2) Set up appropriate file rights:
sudo chown username:username /path/to/username.keytab
sudo chmod 600 /path/to/username.keytab
3) Get a Kerberos ticket and write it to a file:
kinit -kt /path/to/username.keytab username@DOMAIN.COM
4) Install kstart to automatically update tickets:
sudo apt-get install kstart
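5) Create the systemd service /etc/systemd/system/k5start-username.service:
[Unit]
Description=Maintain Kerberos Ticket for username

[Service]
Type=simple
# The kstart package installs the binary as k5start.
# -U takes the principal from the keytab, -K 60 re-checks the ticket every 60 minutes,
# -f names the keytab and -k names the ticket cache.
ExecStart=/usr/bin/k5start -U -t -K 60 -f /path/to/username.keytab -k /tmp/krb5cc_username
User=username
Restart=always

[Install]
WantedBy=multi-user.target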
6) Enable the systemd service:
sudo systemctl daemon-reload
sudo systemctl enable k5start-username.service
sudo systemctl start k5start-username.service
7) Create a systemd service in /etc/systemd/system/mount-smb-username.service to mount the share:
[Unit]
Description=Mount SMB Share for Username after k5start
Requires=k5start-username.service
After=k5start-username.service

[Service]
Type=oneshot
ExecStart=/usr/bin/mount -t cifs //some/share/path /mnt/some_mnt_point -o sec=krb5,cruid=username
ExecStop=/usr/bin/umount /mnt/some_mnt_point
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
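
A keytab is a password-equivalent credential, so after completing steps 1 to 7 it is worth checking its ownership and mode, the ticket cache, and the mount options. The script below is an added example, not part of the original article; the function names and the four-argument interface are illustrative, and the paths you pass are the article's placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the article): preflight checks; paths and names are placeholders.

# Succeeds only if the keytab is a regular file owned by $2 with mode 600 or 400.
check_keytab() {
    local path="$1" owner="$2" mode file_owner
    if [ ! -f "$path" ] || [ -L "$path" ]; then
        echo "FAIL: $path is not a regular file"; return 1
    fi
    mode=$(stat -c '%a' "$path")
    file_owner=$(stat -c '%U' "$path")
    if [ "$file_owner" != "$owner" ]; then
        echo "FAIL: $path is owned by $file_owner, expected $owner"; return 1
    fi
    case "$mode" in
        600|400) echo "OK: keytab $path ($mode, $file_owner)" ;;
        *) echo "FAIL: $path has mode $mode, expected 600"; return 1 ;;
    esac
}

# Succeeds if the cache holds an unexpired ticket; klist -s prints nothing
# and reports the result through its exit status.
check_ticket() {
    local cache="$1"
    if ! klist -s -c "$cache" 2>/dev/null; then
        echo "FAIL: no valid ticket in $cache"; return 1
    fi
    echo "OK: valid ticket in $cache"
}

# Succeeds if $1 is listed in the mounts table $2 (default /proc/mounts)
# as a cifs mount using sec=krb5 or sec=krb5i.
check_mount() {
    local mnt="$1" table="${2:-/proc/mounts}"
    if ! awk -v m="$mnt" '$2 == m && $3 == "cifs" && $4 ~ /(^|,)sec=krb5i?(,|$)/ { ok = 1 }
                          END { exit !ok }' "$table"; then
        echo "FAIL: $mnt is not a cifs mount with sec=krb5"; return 1
    fi
    echo "OK: $mnt is mounted with sec=krb5"
}

# Usage: preflight.sh KEYTAB OWNER CCACHE MOUNTPOINT
if [ "$#" -eq 4 ]; then
    rc=0
    check_keytab "$1" "$2" || rc=1
    check_ticket "$3" || rc=1
    check_mount "$4" || rc=1
    exit "$rc"
fi
```

Run it as root or as the ticket owner so the cache is readable, for example with /path/to/username.keytab, username, /tmp/krb5cc_username and /mnt/some_mnt_point as the four arguments.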