search for: need_svcgssd

I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as

...kt_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > permitted_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > > > # Server settings for NFSv4 > > sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' > /etc/default/nfs-kernel-server > > sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common > > sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common > > sed -i 's/NEED_GSSD=/NEED_GSSD=yes...

...rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 # Server settings for NFSv4 sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' /etc/default/nfs-kernel-server sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common sed -i 's/NEED_GSSD=/NEED_GSSD=yes/g' /etc/default/nfs-common Idm...

...; default_tkt_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > permitted_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > # Server settings for NFSv4 > sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' > /etc/default/nfs-kernel-server > sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common > sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common > sed -i 's/NEED_GSSD=/NEED_GSSD=yes/g' /etc/de...

Hi, is it possible to create a Samba share with full Windows ACL support based on a mounted NFS share? What is needed e.g. as NFS mount options? Regards Tim

...Member, then yes, correct, and with kerberos method = secrets and keytab < preffered. Or kerberos method = keytab Its automatily added to the keytab file. ( which i preffer ) But you only need todo 1 of these 2. ( b or c ) > > d) configure server settings: > sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' /etc/default/nfs-kernel-server > sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common > sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common > sed -i 's/NEED_GSSD=/NEED_GSSD=yes/g' /etc/d...

Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups

Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups

...### Below are the client and server configs. # Samba/winbind joined, and you need to add the NFS spn to the keytab file and AD. ### Server1 (NFS SERVER SPN setup) net ads keytab add_update_ads nfs/$(hostname -f) -U Administrator ### Server1 (NFS exports setup) # /etc/default/nfs-kernel-server NEED_SVCGSSD="yes" ### Server1 and 2 (NFS Server and client) ! only need if you setup as shown on server 1. /etc/default/nfs-common NEED_STATD="yes" STATDOPTS="no" NEED_IDMAPD="yes" NEED_GSSD="yes" ### Server 1 (NFS export setup) # create the nfs shared folde...

Hi everyone, I have a samba DC, let's call it dc1.ad.example.com. I have two members of the domain - server1.ad.example.com and server2.ad.example.com.?? They are not running smbd and winbind. Instead, they are running SSSD with AD backend. I want to create an NFSv4 export on server1.ad.example.com and mount it on server2.ad.example.com (say, sec=krb5). I found some instructions online

Hi, Thank you for replying. User home directory creation is working without the need to edit /etc/pam.d/common-session The logon script I mentioned here is a in-house script to handle directory mounting for file server access, and create shortcut on the account desktop for different logins. On my Linux machines, currently all is done manually by local user account creation and by adding the

Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking