Displaying 20 results from an estimated 10000 matches similar to: "Samba4 and NVSv4"
2016 Nov 28
2
Samba and kerberized NFSv4
Hi Folks
I'm trying to share user home directories hosted on a Samba-4 member
server via NFSv4. Everything's working well with the Windows shares but
when it comes to kerberized NFSv4 it fails. I can't even mount the home
root directory via nfs on the server itself ("mount.nfsv4: access denied
by server while mounting ...").
As far as I have tracked it down, it appears to
2016 Dec 02
4
Samba and kerberized NFSv4
Hi Marcel
thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName.
Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the
2018 Oct 24
5
Again NFSv4 and Kerberos at the 'samba way'...
Good morning Marco and others.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: dinsdag 23 oktober 2018 18:58
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
>
>
> Sorry, i come back to this topic in a different thread,
2013 Jun 20
2
Samba4 and NFSv4
Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups
2013 Jun 20
2
Samba4 and NFSv4
Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups
2016 Mar 31
5
NFSv4 / Krb / wildcard in keytab
Hi,
I'm trying to use wildcard in keytab because i don't want join every
computer, client for service NFS krb5.
I add a spn like this
# samba-tool spn add host/* nfs
(I create user nfs before)
# samba-tool spn list nfs
nfs
User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following
servicePrincipalName:
host/*
I export keytab :
#samba-tool domain exportkeytab
2018 Oct 09
10
NFSv4, homes, Kerberos...
I was used to integrate some linux client in my samba network mounting
homes with 'unix extensions = yes', and works as expected, at least
with some old lubuntu derivatives. Client side i use 'pam_mount'.
Now i'm working on a ubuntu mate derivative, and i've not found a way
to start the session properly in CIFS.
If i create a plain local home (pam_mkhome), session start as
2008 May 29
2
Config for NFSv4 an Kerberos on CentOS 5.1
Hi list,
Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
I set up Kerberos and NFS but get several erros
"Warning: rpc.gssd appears not to be running.
mount.nfs4: Permission denied"
Is this an CentOS oder an config problem?
Greetings
Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type:
2012 Apr 23
2
Windows 2008R2 AD, kerberos, NFSv4
Hi,
I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it
authenticate against our Windows 2008R2 AD server acting as the KDC.
(samba/winbind is running ok with "idmap config MYCOMPANY: backend = rid"
so we have identical ids across the servers.)
I can mount my test directory fine via NFSv4 *without* the sec=krb5 option.
However, once I put the sec=krb5 option in,
2013 Feb 07
4
NFSv4 + Kerberos permission denied
Hello,
I've got a little problem with NFSv4 + Kerberos. I can do a mount with
Kerberos with a valid ticket, but read-only.
After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/
I can see:
#klist:
Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain
#/var/heimdal/kdc.log:
2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23
for nfs/nfsserver at
2018 Oct 10
1
NFSv4, homes, Kerberos...
Thank you for that, i did have a good look at that one.
And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine.
Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled.
And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny
2012 Feb 13
1
Samba winbind and nfsv4 krb5
Hi All,
I'm struggling since weeks to get samba winbind and a kerberized nfs mount running. We have a Netapp SAN exporting the nfs share with sec=krb5 and a Linux Client Ubuntu 10.04 Server trying to access the exported share. Accessing the share without krb5 (sec=sys) works fine. The linux machine is joined to an Windows 2008R2 domain and user/group lookups login via ssh etc. work fine.
I
2017 Jan 18
1
AD attibutes of the (in this case) member servers differences.
Hai,
Im setting up a new proxy with winbind en kerberos auth.
So far everything ok but now im setting up my nfsv4 (with automount with systemd) for my user login on that server.
For the new setup i compaired my old proxy with my new proxy.
I noticed the old proxy is missing some attibutes in the AD object.
For example,
Samba member1 ( installed as 4.3.x ) upgraded to 4.5.3 here
2018 Oct 26
3
Again NFSv4 and Kerberos at the 'samba way'...
Hai Marco,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Marco Gaiarin via samba
> Verzonden: vrijdag 26 oktober 2018 11:23
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
>
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
>
2010 Jul 02
2
Windows 2003 AD, Winbind, Kerberos and NFSv4
Hi All,
I'm having a bit of difficulty getting a CentOS 5.5 Kerberized NFSv4
server working. This server is configured as a Winbind client to a
Windows 2003 Active Directory. I've successfully bound it to AD and I am
able to authenticate. I've successfully created a NFSv4 entry in
/etc/exports to export the /exports directory and I can successfully mount
a non-Kerberized NFSv4
2017 Feb 01
1
winbind question. (challenge/response password authentication)
Hai,
Im setting up a new proxy and im testing a bit around.
Goal is, get everyting working with minimal changes to the system.
Setup: Debian 8 with NFS nfsv3 and v4 (krb) automounts, winbind 4.5.3 , squid 3.5.24 (with ssl support)
Which is basicly a copy of my other proxy but a new install with more systemd and less packages used.
Working:
- ssh logins with AD users.
2008 Apr 02
3
Urgent... winbind and keytab file creation
Hi,
I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf:
use kerberos keytabe = true
and as mentioned in man smb.conf i have set in krb5.conf
2012 Oct 24
2
Why portmap is needed for NFSv4 in CentOS6
Hi all,
I have setup a CentOS6.3 x86_64 host to act as a nfs server.
According to RHEL6 docs, portmap is not needed when you use NFSv4, but
in my host I need to start rpcbind service to make NFSv4 works.
My /etc/sysconfig/nfs
#
# Define which protocol versions mountd
# will advertise. The values are "no" or "yes"
# with yes being the default
MOUNTD_NFS_V2="no"
2018 Oct 31
12
Again NFSv4 and Kerberos at the 'samba way'...
Hai Marco,
>
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
>
> > Sofar, until tomorrow,
>
> Done some tests, metoo.
>
> 1) seems that nfs-common is disabled 'by design'. Looking at debian
> changelog:
>
> nfs-utils (1:1.2.8-9.1) unstable; urgency=medium
>
> Partial sync from ubuntu, included changes:
>
>
2018 Nov 06
3
Again NFSv4 and Kerberos at the 'samba way'...
Hai Rowland,
Yes, that correct.
If you use this in override.conf then its. ( so not a copy of the service file to /etc/systemd )
systemctl edit rpc-gssd.service
[Service]
ExecStart=
ExecStart=/Your/Own/Script/script.sh
Note the empty line, without that won the override is NOT working.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Rowland Penny [mailto:rpenny at