Mounted a samba share as root and connecting user "andreas" with the multiuser option:
root@15-89:~# mount -t cifs //ds216.lowtech/downloads /downloads -o username=andreas,multiuser
Password for andreas@//ds216.lowtech/downloads: ************************
root@15-89:~# ll /downloads/
total 414032
drwxrwxrwx 1 root root 0 Apr 20 20:23 ./
drwxr-xr-x 25 root root 4096 Apr 25 17:33 ../
drwxr-xr-x 1 1026 users 0 Aug 14 2016 humblebundle/
drwxr-xr-x 1 1026 users 0 Aug 18 2016 isos/
-rw-r--r-- 1 1026 users 265777840 Sep 9 2014 KSP_demo_linux.zip
(...)
Verified user ubuntu cannot see that:
root@15-89:~# sudo -u ubuntu -H ls -l /downloads/
ls: cannot access '/downloads/': Permission denied
Switch to a terminal and login as ubuntu, using the same password that the ubuntu user has on the samba share:
15-89 login: ubuntu
Password:
Last login: Tue Apr 25 17:34:30 UTC 2017 from 10.0.5.1 on pts/1
Welcome to Ubuntu 16.10 (GNU/Linux 4.8.0-49-generic x86_64)
(...)
Verify we have a cifs logon key in the kernel keyring:
ubuntu@15-89:~$ keyctl show
Session Keyring
595619243 --alswrv 1000 1000 keyring: _ses
525246747 --alswrv 1000 65534 \_ keyring: _uid.1000
470618469 ----sw-v 0 0 \_ logon: cifs:a:10.10.222.255
And we can see the /downloads share now:
ubuntu@15-89:~$ ls -lah /downloads/
total 405M
dr-xr-xr-x 1 root root 0 Apr 20 20:23 .
drwxr-xr-x 25 root root 4.0K Apr 25 17:33 ..
drwxr-xr-x 1 1026 users 0 Aug 14 2016 humblebundle
drwxr-xr-x 1 1026 users 0 Aug 18 2016 isos
-rw-r--r-- 1 1026 users 254M Sep 9 2014 KSP_demo_linux.zip
(...)
Verification for yakkety amd64:
package from proposed: br.archive. ubuntu. com/ubuntu yakkety- proposed/ main amd64 Packages
Version table:
*** 2:6.5-2ubuntu2 500
500 http://
PAM module is installed: 64-linux- gnu/security/ pam_cifscreds. so 64-linux- gnu/security/ pam_cifscreds. so
root@15-89:~# ll /lib/x86_
-rw-r--r-- 1 root root 14176 Feb 28 21:58 /lib/x86_
/etc/pam.d/login file modified to include pam_keyinit and pam_cifscreds: http:// pastebin. ubuntu. com/24455401/
Mounted a samba share as root and connecting user "andreas" with the multiuser option: lowtech/ downloads /downloads -o username= andreas, multiuser //ds216. lowtech/ downloads: ******* ******* ******* ***
root@15-89:~# mount -t cifs //ds216.
Password for andreas@
root@15-89:~# ll /downloads/
total 414032
drwxrwxrwx 1 root root 0 Apr 20 20:23 ./
drwxr-xr-x 25 root root 4096 Apr 25 17:33 ../
drwxr-xr-x 1 1026 users 0 Aug 14 2016 humblebundle/
drwxr-xr-x 1 1026 users 0 Aug 18 2016 isos/
-rw-r--r-- 1 1026 users 265777840 Sep 9 2014 KSP_demo_linux.zip
(...)
Verified user ubuntu cannot see that:
root@15-89:~# sudo -u ubuntu -H ls -l /downloads/
ls: cannot access '/downloads/': Permission denied
Switch to a terminal and login as ubuntu, using the same password that the ubuntu user has on the samba share:
15-89 login: ubuntu
Password:
Last login: Tue Apr 25 17:34:30 UTC 2017 from 10.0.5.1 on pts/1
Welcome to Ubuntu 16.10 (GNU/Linux 4.8.0-49-generic x86_64)
(...)
Verify we have a cifs logon key in the kernel keyring: 10.10.222. 255
ubuntu@15-89:~$ keyctl show
Session Keyring
595619243 --alswrv 1000 1000 keyring: _ses
525246747 --alswrv 1000 65534 \_ keyring: _uid.1000
470618469 ----sw-v 0 0 \_ logon: cifs:a:
And we can see the /downloads share now:
ubuntu@15-89:~$ ls -lah /downloads/
total 405M
dr-xr-xr-x 1 root root 0 Apr 20 20:23 .
drwxr-xr-x 25 root root 4.0K Apr 25 17:33 ..
drwxr-xr-x 1 1026 users 0 Aug 14 2016 humblebundle
drwxr-xr-x 1 1026 users 0 Aug 18 2016 isos
-rw-r--r-- 1 1026 users 254M Sep 9 2014 KSP_demo_linux.zip
(...)
Meanwhile, /var/log/syslog has this to say: login:auth) : password stored login:session) : OPEN 1 login:session) : UID:1000 [0] GID:1000 [0] login:session) : GET SESSION = 993549428 login:session) : GET SESSION = 993549428 login:session) : JOIN = 595619243
Apr 25 17:34:46 15-89 login[1237]: pam_cifscreds(
Apr 25 17:34:46 15-89 login[1237]: pam_keyinit(
Apr 25 17:34:46 15-89 login[1237]: pam_keyinit(
Apr 25 17:34:46 15-89 login[1237]: pam_keyinit(
Apr 25 17:34:46 15-89 login[1237]: pam_keyinit(
Apr 25 17:34:46 15-89 login[1237]: pam_keyinit(
And /var/log/auth.log: login:session) : credential key for \\10.10. 222.255\ ubuntu added
Apr 25 17:34:46 15-89 login[1237]: pam_cifscreds(