SOLUTION
After a lot of reserching and testing, I found a solution to the problem. Its a very easy workaround:
------------------ SOLUTION ------------------------
in /etc/samba/smb.conf add the following to the bottom of the [global]
section:
client lanman auth = yes
client ntlmv2 auth = no
-------------------------------------------------------
Look for this 2 post for the explanation of the solution:
http://ubuntuforums.org/showthread.php?t=1922280
https://bugs.launchpad.net/ubuntu/+source/gvfs/+bug/510059
As you can see in my question, I had the first line already and that worked for all version prior to 12.04LTS, but in this new version you MUST add the second line too which was option before.
Hope this helps!!!
It should be noted that the LANMAN Protocol is insecure and depreciated.
Use automount + multiuser option of mount.cifs
You can achieve this using automount and the multiuser option for mount.cifs. Install the required packages:
sudo apt install autofs keyutils cifs-utils
The following example assumes that the cifs server exports a share that is named after the user that is accessing it. Normally that would be suitable for home directories.
Add this to your /etc/auto.master
:
/cifs /etc/auto.cifs
In /etc/auto.cifs
put this:
* -fstype=cifs,multiuser,cruid=${UID},sec=krb5 ://server.domain/&
Make sure to replace server.domain by your file server. You could also use a fixed share this way. Just replace the *
by a fixed name and also the &
.
An important detail in the above configuration is the cruid=${UID}
. It will make the kernel look for a kerberos ticket in the context of the user accessing the share. Otherwise it would be trying roots ticket cache.
Finally reload automount:
sudo service autofs reload
If you have a kerberos ticket, it will mount the file system /cifs/$USER
on first access. That means you need to explicitly type e. g. cd /cifs/myuser
or a similar action in a GUI file browser. To avoid this you could place symbolic links pointing to this from somewhere else and tell users to access those.
If you are using a fixed share (not using *
and &
) of course you would have to type cd /cifs/sharename
.
Subsequent access by other users to the same share will be using their permissions, made possible by the multiuser
option. No additional mount will be made but the existing one reused.
From mount.cifs(8):
multiuser
Map user accesses to individual credentials when accessing
the server. By default, CIFS mounts only use a single set of
user credentials (the mount credentials) when accessing a
share. With this option, the client instead creates a new
session with the server using the user's credentials whenever
a new user accesses the mount. Further accesses by that user
will also use those credentials. Because the kernel cannot
prompt for passwords, multiuser mounts are limited to mounts
using sec= options that don't require passwords.
It is also possible to add the required automount maps to an LDAP server for central management, but this is probably beyond the scope of this answer.
In your question you asked for the mount to be mounted as root on boot. Technically this is done here in form of a place holder mount for autofs. Practically the real mount is only done on first access by a user.
We are using this setup for ~100 clients at my workplace for accessing quite a big lustre file system and it works reliably.
Best Answer
Thank you for the comments and answers. Looking at the issue with fresh eyes today, it appears to be a simple mount type (-t) option issue. All of the suggested device parameters, including
//HOSTNAME/SHARE_NAME
, are okay when used in the following mount command:sudo mount -t cifs -o guest //LOCALHOST/SHARE_NAME //DIRECTORY/MOUNT_POINT
As for the device name variations - it seems best practice to use
127.0.0.1
to refer to the host.