SMB: Kerberized SMB home directories can not be mounted with keyring cache and SELinux enabled
Issue
- Kerberized SMB shares can not be accessed by non-root users with SELinux enabled.
- Setting SELinux to permissive allows users to log in.
- The share can not be mounted if it is listed in /etc/fstab or via autofs.
- Errors like [sssd[krb5_child[####]]][####]: Permission denied are logged in /var/log/messages and journalctl.
Environment
- Red Hat Enterprise Linux
  - 7
  - 8
- SMB home directories
- Kerberos with KEYRING credential cache.
- sssd
- SELinux in enforcing mode