Hi
openSUSE 12.1 server and client.
I can't get the s4 fileserver nor uid:gid mappings working with s4. I
used nfs and idmapd instead. It's working, but I've a couple of qns.
1. Server fqdn hh3.hh3.site Samba 4, DNS and NFS4
I set up the nfs server with GSSAPI as in this screenshot:
http://2.bp.blogspot.com/-IspbLnfxizc/Txsp-Z1z1tI/AAAAAAAAADk/lsgel498elg/s1600/yastnfs1.png
The nfs server would not start until I had made a nfs principal and
stuck it in the keytab. Then I could mount the share and users were
mapped correctly, home directory permissions OK etc. (I'd previously
adder Linux attributes to LDAP). Everything fine so far.
klist -k /etc/krb5.keytab
1 nfs/hh3.hh3.site at HH3.SITE
1 nfs/hh3.hh3.site at HH3.SITE
1 nfs/hh3.hh3.site at HH3.SITE
2. Client. fqdn hh6.hh3.site, Samba 3.6 smb.conf:
workgroup = CACTUS
realm = HH3.SITE
security = ADS
kerberos method = system keytab
Join the domain:
net ads join -U Administrator
net ads keytab add nfs
klist -k /etc/krb5.keytab
1 host/hh6.hh3.site at HH3.SITE
1 host/hh6.hh3.site at HH3.SITE
1 host/hh6.hh3.site at HH3.SITE
1 host/hh6 at HH3.SITE
1 host/hh6 at HH3.SITE
1 host/hh6 at HH3.SITE
1 HH6$@HH3.SITE
1 HH6$@HH3.SITE
1 HH6$@HH3.SITE
1 nfs/hh6.hh3.site at HH3.SITE
1 nfs/hh6.hh3.site at HH3.SITE
1 nfs/hh6.hh3.site at HH3.SITE
1 nfs/hh6 at HH3.SITE
1 nfs/hh6 at HH3.SITE
1 nfs/hh6 at HH3.SITE
mount -t nfs4 hh3:/ /home
Amazingly still OK. Samba 4 users can login, get correctly mapped files,
edit etc.
I now mv the keytab and recreate it _without_ nfs. It still mounts!
Why does the server(s4) need the nfs principal but the client(s3) not?
How can I tell if Kerberos is working?
Cheers,
Steve
