similar to: Windows 2003 AD, Winbind, Kerberos and NFSv4

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My

Hi all, I have setup a CentOS6.3 x86_64 host to act as a nfs server. According to RHEL6 docs, portmap is not needed when you use NFSv4, but in my host I need to start rpcbind service to make NFSv4 works. My /etc/sysconfig/nfs # # Define which protocol versions mountd # will advertise. The values are "no" or "yes" # with yes being the default MOUNTD_NFS_V2="no"

I have a problem that is driving me crazy. Our nfs server is running Solaris. Most clients mount directories from it with no problems, but not all. All clients that have problems run CentOS (5.4 and 5.5). I've found one or two of each version that fail, but also a couple of each version that work. The mounting is done for user home directories via autofs but that doesn't seem to make any

Sorry, i come back to this topic in a different thread, because i'm still totally puzzled with the previuous one. Louis, sorry me. ;( I've tried to start with this, that seems very simple: https://wiki.debian.org/NFS/Kerberos And so i've done: a) installed 'nfs-kernel-server' on server, 'nfs-common' on client. Ok, this is easy. b) AFAI've understood i need

Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several erros "Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied" Is this an CentOS oder an config problem? Greetings Sebastian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type:

Good morning Marco and others. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: dinsdag 23 oktober 2018 18:58 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > > Sorry, i come back to this topic in a different thread,

Hi Folks I'm trying to share user home directories hosted on a Samba-4 member server via NFSv4. Everything's working well with the Windows shares but when it comes to kerberized NFSv4 it fails. I can't even mount the home root directory via nfs on the server itself ("mount.nfsv4: access denied by server while mounting ..."). As far as I have tracked it down, it appears to

Hi Marcel thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the

Hi Everyone, I have been trying to setup an NFS v4 File Server but have come across an odd issue. Mounting the /nfs4exports/share appears to be successful and the information displayed about partition size and free space seem correct but if I try to do anything inside the mounted directory the client will just hang. Does anyone have any idea what I am missing?? I have try disabling all

Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups

Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups

Hi, I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it authenticate against our Windows 2008R2 AD server acting as the KDC. (samba/winbind is running ok with "idmap config MYCOMPANY: backend = rid" so we have identical ids across the servers.) I can mount my test directory fine via NFSv4 *without* the sec=krb5 option. However, once I put the sec=krb5 option in,

Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking

Hi, I've a SAMBA4 AD Domain that works nicely. All my W7 joined perfectly and all my Linux clients authenticates against kerberos part of SAMBA. All work perfectly, now I'm trying to secure my NFS mounts by using kerberos part of SAMBA. My NFS server works and I can mount NFS4 exports without kerberos (and without problem ;-) ), but when I want to mount a gss/krb5 export on a linux

Hai Marco, > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Sofar, until tomorrow, > > Done some tests, metoo. > > 1) seems that nfs-common is disabled 'by design'. Looking at debian > changelog: > > nfs-utils (1:1.2.8-9.1) unstable; urgency=medium > > Partial sync from ubuntu, included changes: > >

Hai Baptiste, I re-checked my setup and your totaly correct. I can not enter the nfsV4 mounted directory as root. What i've added in idmap.conf Is this : Domain = your_DNS_domain.tld [Translation] Method = nsswitch And i found this link. http://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu im testing this now. Greetz, Louis >

Hello samba team ! I have some NFS4 exports managed by a Samba's Kerberos realm. All the standard user accesses work fine. I try now to setup an NFS4 root access to administer the share from another server (the two host are DC, one PDC and one SDC). But I have trouble understanding the kerberos/principals layer. ------------ Actually I do ------------- -> on the server I create an nfs

It's probably difting slightly off the topic, but I know that there are some people listening here, who have a decent expertise. I'm trying to setup a file server (nfs4 at ad.domain) and mount from a client (hunin at ad.domain) using the user database and especially Kerberos provided by my AD (samba at ad.domain). It already works nicely, if I forget about krb5, i.e. idmapd is

Thanks you very much Louis ! I have tried your setup and I can't mount the share neither from the server itself or the client. On /var/log/syslog I have : rpc.gssd : ERROR : no credentials found for connecting to server myserver This is because the machine principal is not present in the keytab : $ klist -k 1 nfs/myclient.samdom.com at SAMDOM.COM 1 nfs/myclient.samdom.com at SAMDOM.COM 1