search for: need_svcgssd

Displaying 12 results from an estimated 12 matches for "need_svcgssd".

2018 Oct 09
10
NFSv4, homes, Kerberos...
I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as
2018 Oct 10
1
NFSv4, homes, Kerberos...
...kt_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > permitted_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > > > # Server settings for NFSv4 > > sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' > /etc/default/nfs-kernel-server > > sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common > > sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common > > sed -i 's/NEED_GSSD=/NEED_GSSD=yes...
2018 Oct 09
0
NFSv4, homes, Kerberos...
...rc4-hmac des-cbc-crc des-cbc-md5 default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 # Server settings for NFSv4 sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' /etc/default/nfs-kernel-server sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common sed -i 's/NEED_GSSD=/NEED_GSSD=yes/g' /etc/default/nfs-common Idm...
2018 Oct 10
0
NFSv4, homes, Kerberos...
...; default_tkt_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > permitted_enctypes = aes128-cts-hmac-sha1-96 > aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5 > > # Server settings for NFSv4 > sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' > /etc/default/nfs-kernel-server > sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common > sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common > sed -i 's/NEED_GSSD=/NEED_GSSD=yes/g' /etc/de...
2015 Jan 08
6
Mounted NFS share as Samba share
Hi, is it possible to create a Samba share with full Windows ACL support based on a mounted NFS share? What is needed e.g. as NFS mount options? Regards Tim
2018 Oct 11
2
NFSv4, homes, Kerberos...
...Member, then yes, correct, and with kerberos method = secrets and keytab < preffered. Or kerberos method = keytab Its automatily added to the keytab file. ( which i preffer ) But you only need todo 1 of these 2. ( b or c ) > > d) configure server settings: > sed -i 's/NEED_SVCGSSD=""/NEED_SVCGSSD="yes"/g' /etc/default/nfs-kernel-server > sed -i 's/NEED_STATD=/NEED_STATD=no/g' /etc/default/nfs-common > sed -i 's/NEED_IDMAPD=/NEED_IDMAPD=yes/g' /etc/default/nfs-common > sed -i 's/NEED_GSSD=/NEED_GSSD=yes/g' /etc/d...
2013 Jun 20
2
Samba4 and NFSv4
Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups
2013 Jun 20
2
Samba4 and NFSv4
Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups
2020 Jul 24
0
samba4 kerberized nfs4 with sssd ad client
...### Below are the client and server configs. # Samba/winbind joined, and you need to add the NFS spn to the keytab file and AD. ### Server1 (NFS SERVER SPN setup) net ads keytab add_update_ads nfs/$(hostname -f) -U Administrator ### Server1 (NFS exports setup) # /etc/default/nfs-kernel-server NEED_SVCGSSD="yes" ### Server1 and 2 (NFS Server and client) ! only need if you setup as shown on server 1. /etc/default/nfs-common NEED_STATD="yes" STATDOPTS="no" NEED_IDMAPD="yes" NEED_GSSD="yes" ### Server 1 (NFS export setup) # create the nfs shared folde...
2020 Jul 24
4
samba4 kerberized nfs4 with sssd ad client
Hi everyone, I have a samba DC, let's call it dc1.ad.example.com. I have two members of the domain - server1.ad.example.com and server2.ad.example.com.?? They are not running smbd and winbind. Instead, they are running SSSD with AD backend. I want to create an NFSv4 export on server1.ad.example.com and mount it on server2.ad.example.com (say, sec=krb5). I found some instructions online
2019 Apr 26
4
Configured AD backend but getting different uid and gid
Hi, Thank you for replying. User home directory creation is working without the need to edit /etc/pam.d/common-session The logon script I mentioned here is a in-house script to handle directory mounting for file server access, and create shortcut on the account desktop for different logins. On my Linux machines, currently all is done manually by local user account creation and by adding the
2015 Oct 09
5
kerberos nfs4's principals and root access
Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking