Hello again,
My mounts are working as described in my earlier posts...
However, I get 'permission denied' when I try to access my home
directory.
Here's my config file:
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    security = ADS
    kerberos method = secrets and keytab
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    winbind use default domain = yes
    winbind expand groups = 2
    winbind refresh tickets = Yes
    winbind enum groups = Yes
    winbind enum users = Yes
    idmap config *:backend = tdb
    idmap config *:range = 200-999
    idmap config EXAMPLE:backend = ad
    idmap config EXAMPLE:schema_mode = rfc2307
    idmap config EXAMPLE:unix_nss_info = yes
    idmap config EXAMPLE:range = 1100-999999
    idmap config EXAMPLE:unix_primary_group = yes
    username map = /etc/samba/user.map
I think I'm almost there... Is there something missing with my ID
mapping? Do you need to see my /etc/krb5.conf?
Thanks!
On 2021-09-02 10:51 a.m., L.P.H. van Belle via samba wrote:
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Rowland Penny via samba
>> Sent: Thursday 2 September 2021 16:40
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Replacing SSSD with just WINBIND for NFSv4
>>
>> On Thu, 2021-09-02 at 09:53 -0400, Luc Lalonde via samba wrote:
>>> Hello Louis,
>>>
>>> I'm still getting all the info together but I think that you're
>>> right.
>>>
>>> This directive on the client's configuration should make sure that
>>> unixHomeDirectory is properly passed along to AutoFS:
>>>
>>>> idmap config DOMAIN : unix_nss_info
>>> I'm going to do some tests and get back to you!
>>>
>>> Thank You!.
>>>
>> I am getting lost here, I thought that autofs, when using NFS, could
>> only mount what the NFS server is exporting and that is fixed i.e. all
>> users will use /path/to/usersdir from the NFS server. This means that
>> you cannot use different paths for different users, or am I missing
>> something ?
>
> If i read it correctly what Luc showed.
>
> Let say i have as homedir : /usagers1/username
> /usagers1/username Mounts on fs1.example.com:/&
>
> If i change it to /usagers2/username i move to server2
> /usagers2/username Mounts on fs2.example.com:/&
>
> I never used automount like that, but if it works, i'll document it.
> So i wait for Luc his success message :-))
>
> Where it often goes wrong is the missing SPNs, then a user can mount his
> homedir
> The quick/dirty fix is root/SPN, but better is nfs/FQ.DN.TLD (@Realm)
>
>
>> I can think of one way around this, but it doesn't involve
>> unixhomedirectory or NFS
> Always ears and open for new ideas :-)
> How would you do this?
>
>
> Greetz,
>
> Louis
>
>
--
Luc Lalonde, analyste
-----------------------------
Département de génie informatique:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------
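
Added example, not part of the original message: a small Python check over a subset of the [global] section quoted above. It reports parameters that are set more than once and idmap ranges that overlap, and shows which configured range a given uidNumber falls into (with the ad backend, an ID outside the domain's range is not mapped). The function names and the embedded sample are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample: a subset of the [global] section from the message above.
SMB_CONF = """\
[global]
    kerberos method = secrets and keytab
    kerberos method = secrets and keytab
    idmap config *:backend = tdb
    idmap config *:range = 200-999
    idmap config EXAMPLE:backend = ad
    idmap config EXAMPLE:range = 1100-999999
"""

def parse_params(text):
    """Return (key, value) pairs; keys lower-cased, whitespace collapsed."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"\s*:\s*", ":", " ".join(key.lower().split()))
        pairs.append((key, value.strip()))
    return pairs

def repeated_params(pairs):
    """Parameters set more than once (the last value is the one used)."""
    counts = Counter(k for k, _ in pairs)
    return sorted(k for k, n in counts.items() if n > 1)

def idmap_ranges(pairs):
    """Map domain -> (low, high) from 'idmap config DOM:range = low-high'."""
    ranges = {}
    for key, value in pairs:
        m = re.fullmatch(r"idmap config (.+):range", key)
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if m and r:
            ranges[m.group(1)] = (int(r.group(1)), int(r.group(2)))
    return ranges

def overlapping(ranges):
    """Pairs of domains whose ID ranges share at least one ID."""
    doms = sorted(ranges)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]]

def uid_domain(uid, ranges):
    # Name of the configured range containing this uid/gid, or None.
    return next((d for d, (lo, hi) in ranges.items() if lo <= uid <= hi), None)
```

Domain names come back lower-cased because the parser normalises the whole parameter name.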