search for: krb5p

Displaying 20 results from an estimated 39 matches for "krb5p".

Did you mean: krb5
2009 Mar 09
2
Nfs4 with kerberos freezing system
Hello, I have a CentOS 5.2 server that exports /home on the local network for 2 users by secure nfs4 with kerberos krb5p. The clients are a notebook and a desktop pc. The following error is always reproducible on all clients. If running the clients on high load, that means for example 5 firefox windows open and connected with www pages from the internet, installing the new qt development environmet on the nfs4 share...
2014 Jan 06
0
nfs client kerberos cache
...s client = nfsclient1.example.com NFS version 4 is used and the appropriate Kerberos principal has been created in IPA: [root at nfs1 ~]# ipa service-show nfs/nfs1.example.com at EXAMPLE.COM Principal: nfs/nfs1.example.com at EXAMPLE.COM Keytab: True Managed by: nfs1.example.com Mounting using krb5p works: [root at nfsclient1 ~]# mount -v -t nfs -o sec=krb5p nfs1.example.com:/exports/homes/ /mnt mount.nfs: timeout set for Mon Jan 6 21:25:56 2014 mount.nfs: trying text-based options 'sec=krb5p,vers=4,addr=192.168.12.172,clientaddr=192.168.12.173' nfs1.example.com:/exports/homes/ on...
2014 Jan 13
0
[resolved ]nfs client kerberos cache
...4 is used and the appropriate Kerberos principal has been > created in IPA: > > [root at nfs1 ~]# ipa service-show nfs/nfs1.example.com at EXAMPLE.COM > > Principal: nfs/nfs1.example.com at EXAMPLE.COM > Keytab: True > Managed by: nfs1.example.com > > > Mounting using krb5p works: > > [root at nfsclient1 ~]# mount -v -t nfs -o sec=krb5p > nfs1.example.com:/exports/homes/ /mnt > > mount.nfs: timeout set for Mon Jan 6 21:25:56 2014 > mount.nfs: trying text-based options > 'sec=krb5p,vers=4,addr=192.168.12.172,clientaddr=192.168.12.173' >...
2013 Feb 07
4
NFSv4 + Kerberos permission denied
...192.168.0.21.kerberos-sec > nfsclient.61011: I got "Permission denied" message when I try to mkdir or rm. As a root mount and as a user mount (sysctl vfs.usermounts=1). With -sec=sys it works read-write, but with -sec=krb5 read-only.. my /etc/exports: V4: /export_test -sec=krb5:krb5i:krb5p -network 192.168.0.0 -mask 255.255.255.0 /export_test -sec=krb5:krb5i:krb5p -network 192.168.0.0 -mask 255.255.255.0 -maproot=root -alldirs tried with V4: / .... as well. Added all the principals needed. Tried also with full qualified domain names. SSH works fine with Kerberos Do I need rpcsec_g...
2018 Oct 09
10
NFSv4, homes, Kerberos...
I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as
2013 Feb 14
1
NFS resources, how to check version
...are separate lines: v3 and v4) and on the client side, is it possible to check which version is exported or mounted? something like % showmount -e nfsserver Is forcing mount to use nfsv4 100% sure? (mount -t nfs -o nfsv4 ....) and btw. Is forcing mount to use -sec=krb5 (with -sec=sys:krb5:krb5i:krb5p in /etc/exports) also 100% sure? because it mounts and doesn't give ticket for nfs/nfsserver. So, I guess if -sec=krb5 is not available, it mounts with -sec=sys, right? With -sec=krb5:krb5i:krb5p in /etc/exports it doesn't mount. I am wondering if you force -o nfsv4, it wouldn't mount i...
2018 Oct 10
1
NFSv4, homes, Kerberos...
...> > > > kinit Administrator > > net ads keytab add nfs/hostname1.internal.domain.tld at YOUR.REALM -k > > > > # The NFS server. /etc/exports cointains now. > > /srv > 192.168.0.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,sec=sy > s:krb5:krb5i:krb5p) > > /srv/backups > 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) > > > > > > # For the Clients. > > apt-get install nfs-common > > > > kinit Administrator > > # Todo on the NFSv4 client > > net ads keytab add nfs/host...
2020 Jul 24
0
samba4 kerberized nfs4 with sssd ad client
...acl xattr nfs-common nfs-kernel-server nfs4-acl-tools krb5-user NFS client: apt install winbind acl xattr nfs-common nfs4-acl-tools krb5-user Example Setup NFS SERVER on server1. ### Example /etc/exports /exports 192.168.0.0/24(rw,sync,fsid=0,no_subtree_check,crossmnt,sec=sys:krb5:krb5i:krb5p) /exports/users 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) With these options sec=sys:krb5:krb5i:krb5p You can setup with any other server with or without kerberos, if it didnt work, try sec=sys in a client, if that works, well, then you setup needs fixing somewhere. DN...
2020 Jul 24
4
samba4 kerberized nfs4 with sssd ad client
Hi everyone, I have a samba DC, let's call it dc1.ad.example.com. I have two members of the domain - server1.ad.example.com and server2.ad.example.com.?? They are not running smbd and winbind. Instead, they are running SSSD with AD backend. I want to create an NFSv4 export on server1.ad.example.com and mount it on server2.ad.example.com (say, sec=krb5). I found some instructions online
2020 Nov 10
4
nfs root kerberos
Hi Louis, Thanks for your message. However, I already have NFS working completely. I'm only trying to work out root NFS access on the client.? I tried your NFS translation fix via idmapd.conf? but that isn't working for me. I've discovered that's because CentOS 7 is using gssproxy so apparently your fix won't work. The fix from Red Hat (adding some lines to krb.conf seen in my
2018 Oct 09
0
NFSv4, homes, Kerberos...
...in [general] Domain = internal.domain.tld Local-Realm = YOUR.REALM kinit Administrator net ads keytab add nfs/hostname1.internal.domain.tld at YOUR.REALM -k # The NFS server. /etc/exports cointains now. /srv 192.168.0.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,sec=sys:krb5:krb5i:krb5p) /srv/backups 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) # For the Clients. apt-get install nfs-common kinit Administrator # Todo on the NFSv4 client net ads keytab add nfs/hostname2.internal.domain.tld at REALM -k sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/d...
2018 Oct 10
0
NFSv4, homes, Kerberos...
...; Local-Realm = YOUR.REALM > > kinit Administrator > net ads keytab add nfs/hostname1.internal.domain.tld at YOUR.REALM -k > > # The NFS server. /etc/exports cointains now. > /srv > 192.168.0.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,sec=sy > s:krb5:krb5i:krb5p) > /srv/backups > 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) > > > # For the Clients. > apt-get install nfs-common > > kinit Administrator > # Todo on the NFSv4 client > net ads keytab add nfs/hostname2.internal.domain.tld at REALM -k &gt...
2020 Nov 11
2
nfs root kerberos
...> https://access.redhat.com/documentation/en-us/red_hat_enterpri > se_linux/5/html/deployment_guide/s1-nfs-server-config-exports > > > > This is how my export looks. > > /exports > 192.168.0.0/24(rw,sync,fsid=0,no_subtree_check,crossmnt,sec=sy > s:krb5:krb5i:krb5p) > > /exports/users > 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) > > > > I hope this helps you out. > > > > > > Greetz, > > > > Louis > > > > > >> -----Oorspronkelijk bericht----- > >> Van: sa...
2020 Nov 10
0
nfs root kerberos
...id you define the pseudo NFS4 root. Examples here. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-nfs-server-config-exports This is how my export looks. /exports 192.168.0.0/24(rw,sync,fsid=0,no_subtree_check,crossmnt,sec=sys:krb5:krb5i:krb5p) /exports/users 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) I hope this helps you out. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland penny via samba > Verzonden: dinsdag 10 novemb...
2018 Oct 11
2
NFSv4, homes, Kerberos...
...ALM = root I've mapped a server (user=computer$ ) to root. But i do advice start without this, its kind of a 'last resort' to try to make something work. > > e) defined export dirs > /srv 192.168.0.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,sec=sys:krb5:krb5i:krb5p) > /srv/backups 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) Yes, for the server only. Based on the /home/users example above can be 2 diffent setups. 1) as shown above /srv 192.168.0.0/24(rw,sync,fsid=0,crossmnt,no_subtree_check,sec=sys:krb5:krb5i:krb5p) /sr...
2019 Aug 21
3
winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group
...d not notice somethings wrong neither in Linux or Windows > > client. > ? Uhm, samba-tool does have the option to add uid/gids. > > I can recall our conversation years ago for jessi with nfsv4. > These days setting up nfsv4 is easy. > I these days have NFSv4 with sys,krb5,krb5i,krb5p working > *example, ssh SSO logins and automounted krb5p and protected homedirs, which even root can not enter. > I'll work this out in the howto's im updating/writing atm for Debian Buster. > This might take some time, because it will be the full setup of how im running things. &g...
2020 Nov 11
0
nfs root kerberos
...dhat.com/documentation/en-us/red_hat_enterpri >> se_linux/5/html/deployment_guide/s1-nfs-server-config-exports >> > >> > This is how my export looks. >> > /exports >> 192.168.0.0/24(rw,sync,fsid=0,no_subtree_check,crossmnt,sec=sy >> s:krb5:krb5i:krb5p) >> > /exports/users >> 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) >> > >> > I hope this helps you out. >> > >> > >> > Greetz, >> > >> > Louis >> > >> > >> >> -----O...
2018 Oct 09
0
NFSv4, homes, Kerberos...
...## NFS SERVER ## For NfsV4 server, with kerberos homes', that stopped working somewhere in jessie. You can set in the nfs server to support all settings so you can test when needed. In /etc/exports /exports 192.168.0.0/24(rw,sync,fsid=0,no_subtree_check,crossmnt,sec=sys:krb5:krb5i:krb5p) /exports/users 192.168.0.0/24(rw,sync,no_subtree_check,sec=sys:krb5:krb5i:krb5p) With in systemd the following : cat /etc/systemd/system/exports-users.mount [Unit] Description=NFS export (/exports/users) Wants=network-online.target [Mount] What=/home/samba/users Where=/exports/users Type=none...
2019 Aug 20
0
winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group
...nd Samba > shares. I did not notice somethings wrong neither in Linux or Windows > client. ? Uhm, samba-tool does have the option to add uid/gids. I can recall our conversation years ago for jessi with nfsv4. These days setting up nfsv4 is easy. I these days have NFSv4 with sys,krb5,krb5i,krb5p working *example, ssh SSO logins and automounted krb5p and protected homedirs, which even root can not enter. I'll work this out in the howto's im updating/writing atm for Debian Buster. This might take some time, because it will be the full setup of how im running things. .. I might spe...
2019 Apr 26
4
Configured AD backend but getting different uid and gid
Hi, Thank you for replying. User home directory creation is working without the need to edit /etc/pam.d/common-session The logon script I mentioned here is a in-house script to handle directory mounting for file server access, and create shortcut on the account desktop for different logins. On my Linux machines, currently all is done manually by local user account creation and by adding the