TransWikia.com

How to mount a CIFS share from an SMB3 Linux server?

Unix & Linux Asked by elbarna on February 11, 2021

For security reasons, my server has only the SMB3 protocol enabled.

server min protocol = SMB3
client max protocol = SMB3

The client also has the same settings.
smbclient works fine; the problem is that it is impossible to mount with mount.cifs.
It gives me error -95.

I have tried with Kerberos:

mount -t cifs -o vers=3.0,username=myuser,rw,soft,sec=krb5i  //myserver/Myshare /mnt

and with the password:

mount -t cifs -o vers=3.0,username=myuser,password=mypass,rw,soft  //myserver/Myshare /mnt

but in both cases it gives me the same error -95:

CIFS VFS: Dialect not supported by server. Consider specifying vers=1.0 or vers=2.0 on mount for accessing older servers
CIFS VFS: cifs_mount failed w/return code = -95

One Answer

Solution found, at least for Kerberos and version 3.1.1.

Suppose my user is called "pino". First we must create, on the AD server (Windows, Samba4, other...), the keytab for the fake user "cifs1".

ssh samba4.ad.server
samba-tool user delete cifs1
samba-tool user create cifs1 --random-password
samba-tool spn add cifs/yourclient.fqdn cifs1
samba-tool domain exportkeytab cifs1.keytab --principal=cifs/yourclient.fqdn

Then we edit the file /etc/request.key.conf and add these two lines:

create  cifs.spnego    *        *               /usr/sbin/cifs.upcall %k
create  dns_resolver   *        *               /usr/sbin/cifs.upcall %k

Then we securely copy the keytab from the AD server to our client and merge it with the krb5.keytab keytab on the client:

(echo rkt cifs1.keytab ; echo wkt /etc/krb5.keytab )|ktutil

The user "pino" is authenticated, but for security reasons we redo the kinit:

echo passofpino|kinit

Now, finally, we can mount our share with version=3.1.1; the most important part is "cruid", otherwise it will fail:

sudo mount.cifs -vvv //client.fqdn/Publicshare -o sec=krb5,user=pino,cruid=pino,vers=3.1.1 /mnt

This returns:

mount.cifs kernel mount options: ip=192.168.0.2,unc=\\client.fqdn\Publicshare,sec=krb5,vers=3.1.1,cruid=10003,user=pino,pass=********

If I try the normal password instead of krb5, it returns an error, but Kerberos is safer, so that is not a problem. If you want to write to the share, the line is:

sudo mount.cifs -vvv //client.fqdn/Publicshare -o sec=krb5,user=pino,cruid=pino,vers=3.1.1,forceuid,forcegid,uid=$(id -u pino),gid=$(id -g pino) /mnt

Answered by elbarna on February 11, 2021
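
A pre-flight check for the procedure in the answer above, as an added example that is not part of the original post: it verifies the cifs.upcall rules, the exported SPN in the keytab, and the mount options (including cruid). The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline pre-flight checks for the sec=krb5 CIFS mount.
# Function names and sample inputs are constructed for illustration.

# has_upcall_rule KEYTYPE: reads request-key rules on stdin; succeeds if an
# active (uncommented) "create KEYTYPE" rule hands the key to cifs.upcall.
has_upcall_rule() {
    awk -v t="$1" '$1 == "create" && $2 == t && $5 ~ /\/cifs\.upcall$/ { ok = 1 }
                   END { exit !ok }'
}

# keytab_has_spn SPN: reads `klist -k` output on stdin; succeeds if the
# keytab holds a key for SPN (any realm).
keytab_has_spn() {
    awk -v spn="$1" '$1 ~ /^[0-9]+$/ { split($2, p, "@"); if (p[1] == spn) ok = 1 }
                     END { exit !ok }'
}

# check_mount_opts OPTS: prints one finding per line; returns 1 if any.
check_mount_opts() {
    o=",$1,"; rc=0
    case $o in *,sec=krb5,*|*,sec=krb5i,*) ;;
        *) echo "sec: not krb5/krb5i"; rc=1 ;; esac
    case $o in *,cruid=?*) ;;
        *) echo "cruid: missing, upcall uses the mounting uid's ticket cache (root under sudo)"; rc=1 ;; esac
    case $o in *,vers=3,*|*,vers=3.*) ;;
        *) echo "vers: not 3.x, server accepts SMB3 only"; rc=1 ;; esac
    case $o in *,password=*|*,pass=*)
        echo "password: inline secret, visible in process list and history"; rc=1 ;; esac
    return $rc
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_RULES='#create cifs.spnego * * /usr/sbin/cifs.upcall %k
create  dns_resolver   *        *               /usr/sbin/cifs.upcall %k'
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------
   1 cifs/yourclient.fqdn@EXAMPLE.TEST'

printf '%s\n' "$SAMPLE_RULES" | has_upcall_rule cifs.spnego || echo "no cifs.spnego rule"
printf '%s\n' "$SAMPLE_KLIST" | keytab_has_spn cifs/yourclient.fqdn && echo "SPN key present"
check_mount_opts "vers=3.0,username=myuser,password=mypass,rw,soft" || true
```

On a live client, pipe the request-key rules file (commonly /etc/request-key.conf) and the output of `klist -k /etc/krb5.keytab` into the first two functions.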
