similar to: kerberized-nfs - any experts out there?

Matt Garman wrote: > Is anyone on the list using kerberized-nfs on any kind of scale? > We use it here. I don't think I'm an expert - my manager is - but let me think about your issues. <snip> > Just to give a little insight into our issues: we have an > in-house-developed compute job dispatching system. Say a user has > 100s of analysis jobs he wants to run, he

Hi everyone, I have a samba DC, let's call it dc1.ad.example.com. I have two members of the domain - server1.ad.example.com and server2.ad.example.com.?? They are not running smbd and winbind. Instead, they are running SSSD with AD backend. I want to create an NFSv4 export on server1.ad.example.com and mount it on server2.ad.example.com (say, sec=krb5). I found some instructions online

> > I should have mentioned this earlier, but the users does not exist > > in /etc/passwd, instead they are in LDAP and when they log in to the > > computer they get some Kerberos tickets for the domain and the file > > system. When printing on 14.04 they get another Kerberos ticket for > > the printing system according to "klist" after they have done

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

On 03/22/2017 03:26 PM, Matt Garman wrote: > Is anyone on the list using kerberized-nfs on any kind of scale? Not for a good many years. Are you using v3 or v4 NFS? Also, you can probably stuff the rpc.gss* and idmapd services into verbose mode, which may give you a better ideas as to whats going on. And yes, the kernel does some kerberos caching. I think 10 to 15 minutes.

Hello, I've got a little problem with NFSv4 + Kerberos. I can do a mount with Kerberos with a valid ticket, but read-only. After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ I can see: #klist: Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain #/var/heimdal/kdc.log: 2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23 for nfs/nfsserver at

Hi All, I'm having a bit of difficulty getting a CentOS 5.5 Kerberized NFSv4 server working. This server is configured as a Winbind client to a Windows 2003 Active Directory. I've successfully bound it to AD and I am able to authenticate. I've successfully created a NFSv4 entry in /etc/exports to export the /exports directory and I can successfully mount a non-Kerberized NFSv4

Hello, Is it possible to use Dovecot in a fully kerberized mail system? We have configured authentication via kerberos, now we would like the imap deamon to access a kerberized nfs file system. Has any one any experiences? Regards, Matthew. -- Dr Matthew Williams MEng PhD MBCS Systems Administrator - IT Services - Bangor University Prifysgol Bangor Tel: (44) (0)1248 382414

I have a kerberized SSHD installed on HOST-1, a login server for the outside world. How can I make it so users are still authenticated via kerberos, even though they haven't yet received a ticket? The main reason for this is that a user who is at home, no vpn, but has an ssh client could then login and be authenticated by kerberos using password authentication, get a ticket, then be allowed

I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as

Rowland Penny wrote: > On Sat, 5 Aug 2017 15:29:54 +0200 > Van Svensson via samba <samba at lists.samba.org> wrote: > > > Rowland Penny wrote: > > > > > On Sat, 5 Aug 2017 14:44:34 +0200 > > > Van Svensson via samba <samba at lists.samba.org> wrote: > > > > > > > Rowland Penny wrote: > > > > > > >

Hi Matt- Thank you for this very detailed and thoughtful reply. On Fri, Oct 21, 2016 at 4:43 PM, Matt Garman <matthew.garman at gmail.com> wrote: > On Fri, Oct 21, 2016 at 4:14 AM, Larry Martell <larry.martell at gmail.com> wrote: >> We have 1 system ruining Centos7 that is the NFS server. There are 50 >> external machines that FTP files to this server fairly

We have 1 system ruining Centos7 that is the NFS server. There are 50 external machines that FTP files to this server fairly continuously. We have another system running Centos6 that mounts the partition the files are FTP-ed to using NFS. There is a python script running on the NFS client machine that is reading these files and moving them to a new dir on the same file system (a mv not a cp).

Hi, Thank you for replying. User home directory creation is working without the need to edit /etc/pam.d/common-session The logon script I mentioned here is a in-house script to handle directory mounting for file server access, and create shortcut on the account desktop for different logins. On my Linux machines, currently all is done manually by local user account creation and by adding the

Depending on the OS. Below is tested/in production since samba 4.9.x and debian stretch Currently running buster with samba 4.12.5 with samba and AD-Backends. All users have UID assigned, and "Domain Users". This is really easy on any setup with systemd systems with samba and winbind. I'll show how easy this is for any debian/ubuntu related system but using systemd, maybe you

Hi all, I failed to map my network drive my,password is not accepted from windows XP using Kerberized Samba3.0. My server is Red Hat Enterprise Linux. Can some one help with the basic steps in mapping network drive from Windows XP? Or basic configuration with Kerberos 5. I am new to Kerberos 5. Zakaria __________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File

Hi Folks I'm trying to share user home directories hosted on a Samba-4 member server via NFSv4. Everything's working well with the Windows shares but when it comes to kerberized NFSv4 it fails. I can't even mount the home root directory via nfs on the server itself ("mount.nfsv4: access denied by server while mounting ..."). As far as I have tracked it down, it appears to

Hello, I have a CentOS 5.2 server that exports /home on the local network for 2 users by secure nfs4 with kerberos krb5p. The clients are a notebook and a desktop pc. The following error is always reproducible on all clients. If running the clients on high load, that means for example 5 firefox windows open and connected with www pages from the internet, installing the new qt development

Hi, I'm currently attempting to setup a Linux Samba and Kerberized NFS server using a Windows 2008 R2 Domain controller as a KDC and I've run into an issue. Currently I can make Kerberized NFS or Samba fileserving work but not both at the same time. Specifically: The Linux kerberized NFS daemon (rpc.svcgssd) appears to only be able to deal with service tickets up to a certain size.

> Does it work if you manually add userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry and reexport the keytab? I already thought about trying that. So by now, I tried tweaking the client's LDAP entry. Adding userPrincipalName=CLIENT02.DOMAIN.TLD does not succeeed, however, after reviewing the ldap filter once again, I added userPrincipalName=nfs/client02.domain.tld at