similar to: Samba4 and NVSv4

Hi Folks I'm trying to share user home directories hosted on a Samba-4 member server via NFSv4. Everything's working well with the Windows shares but when it comes to kerberized NFSv4 it fails. I can't even mount the home root directory via nfs on the server itself ("mount.nfsv4: access denied by server while mounting ..."). As far as I have tracked it down, it appears to

Hi Marcel thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the

Good morning Marco and others. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: dinsdag 23 oktober 2018 18:58 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > > Sorry, i come back to this topic in a different thread,

Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups

Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel? Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly. You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups

Hi, I'm trying to use wildcard in keytab because i don't want join every computer, client for service NFS krb5. I add a spn like this # samba-tool spn add host/* nfs (I create user nfs before) # samba-tool spn list nfs nfs User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following servicePrincipalName: host/* I export keytab : #samba-tool domain exportkeytab

I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as

Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several erros "Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied" Is this an CentOS oder an config problem? Greetings Sebastian -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type:

Hi, I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it authenticate against our Windows 2008R2 AD server acting as the KDC. (samba/winbind is running ok with "idmap config MYCOMPANY: backend = rid" so we have identical ids across the servers.) I can mount my test directory fine via NFSv4 *without* the sec=krb5 option. However, once I put the sec=krb5 option in,

Hello, I've got a little problem with NFSv4 + Kerberos. I can do a mount with Kerberos with a valid ticket, but read-only. After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ I can see: #klist: Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain #/var/heimdal/kdc.log: 2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23 for nfs/nfsserver at

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

Hi All, I'm struggling since weeks to get samba winbind and a kerberized nfs mount running. We have a Netapp SAN exporting the nfs share with sec=krb5 and a Linux Client Ubuntu 10.04 Server trying to access the exported share. Accessing the share without krb5 (sec=sys) works fine. The linux machine is joined to an Windows 2008R2 domain and user/group lookups login via ssh etc. work fine. I

Hai,   Im setting up a new proxy with winbind en kerberos auth. So far everything ok but now im setting up my nfsv4 (with automount with systemd) for my user login on that server.   For the new setup i compaired my old proxy with my new proxy. I noticed the old proxy is missing some attibutes in the AD object.   For example, Samba member1 ( installed as 4.3.x ) upgraded to 4.5.3 here

Hai Marco, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: vrijdag 26 oktober 2018 11:23 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > >

Hi All, I'm having a bit of difficulty getting a CentOS 5.5 Kerberized NFSv4 server working. This server is configured as a Winbind client to a Windows 2003 Active Directory. I've successfully bound it to AD and I am able to authenticate. I've successfully created a NFSv4 entry in /etc/exports to export the /exports directory and I can successfully mount a non-Kerberized NFSv4

Hai,   Im setting up a new proxy and im testing a bit around. Goal is, get everyting working with minimal changes to the system.   Setup: Debian 8 with NFS nfsv3 and v4 (krb) automounts,  winbind 4.5.3 , squid 3.5.24 (with ssl support) Which is basicly a copy of my other proxy but a new install with more systemd and less packages used.   Working: -          ssh logins with AD users.

Hi, I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf: use kerberos keytabe = true and as mentioned in man smb.conf i have set in krb5.conf

Hi all, I have setup a CentOS6.3 x86_64 host to act as a nfs server. According to RHEL6 docs, portmap is not needed when you use NFSv4, but in my host I need to start rpcbind service to make NFSv4 works. My /etc/sysconfig/nfs # # Define which protocol versions mountd # will advertise. The values are "no" or "yes" # with yes being the default MOUNTD_NFS_V2="no"

Hai Marco, > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Sofar, until tomorrow, > > Done some tests, metoo. > > 1) seems that nfs-common is disabled 'by design'. Looking at debian > changelog: > > nfs-utils (1:1.2.8-9.1) unstable; urgency=medium > > Partial sync from ubuntu, included changes: > >

Hai Rowland, Yes, that correct. If you use this in override.conf then its. ( so not a copy of the service file to /etc/systemd ) systemctl edit rpc-gssd.service [Service] ExecStart= ExecStart=/Your/Own/Script/script.sh Note the empty line, without that won the override is NOT working. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: Rowland Penny [mailto:rpenny at