similar to: NFSV4 Client setup problem

Few things, - check your resolv.conf, make sure your Samba AD the first nameservers - check if you resolv.conf search, has, search india.local - is the time in sync with the DC? - on debian, a login as "Administrator" (if mapped to root) wont work. ( or remove the mini - in general, dont give Administrator a UID/GID - in general, dont use Administrator for ssh logins, but thats a

Hello samba team ! I have some NFS4 exports managed by a Samba's Kerberos realm. All the standard user accesses work fine. I try now to setup an NFS4 root access to administer the share from another server (the two host are DC, one PDC and one SDC). But I have trouble understanding the kerberos/principals layer. ------------ Actually I do ------------- -> on the server I create an nfs

Hello, I've got a little problem with NFSv4 + Kerberos. I can do a mount with Kerberos with a valid ticket, but read-only. After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ I can see: #klist: Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain #/var/heimdal/kdc.log: 2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23 for nfs/nfsserver at

Hai Baptiste, I re-checked my setup and your totaly correct. I can not enter the nfsV4 mounted directory as root. What i've added in idmap.conf Is this : Domain = your_DNS_domain.tld [Translation] Method = nsswitch And i found this link. http://serverfault.com/questions/526762/root-access-to-kerberized-nfsv4-host-on-ubuntu im testing this now. Greetz, Louis >

Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking

Thanks you very much Louis ! I have tried your setup and I can't mount the share neither from the server itself or the client. On /var/log/syslog I have : rpc.gssd : ERROR : no credentials found for connecting to server myserver This is because the machine principal is not present in the keytab : $ klist -k 1 nfs/myclient.samdom.com at SAMDOM.COM 1 nfs/myclient.samdom.com at SAMDOM.COM 1

Hi Team, Upgraded samba from 4.7. to 4.9.3. After upgrade unable to mount nfsv4 through krb5 security. smb.conf: [Global] available= yes restrict anonymous= 0 Workgroup= VIKY netbios name= viky realm= VIKY.LOCAL password server= 192.168.1.10, * idmap backend= tdb idmap uid= 5000-9999999 idmap gid= 5000-9999999 idmap config *: backend= rid idmap config *: range= 10000000-19999999 security= ADS

Hi Folks I'm trying to share user home directories hosted on a Samba-4 member server via NFSv4. Everything's working well with the Windows shares but when it comes to kerberized NFSv4 it fails. I can't even mount the home root directory via nfs on the server itself ("mount.nfsv4: access denied by server while mounting ..."). As far as I have tracked it down, it appears to

Hi Rowland, Still issue persists, i have removed passdb backend option from my smb config. i haven't found any passdb.tdb file in private folder. i only see smbpasswd file. whether passwd.tdb file will create automatically? I have created one more setup with samba 4.7 installed to check there is issue in my environment, everything works fine there. Whats the change causing this problem, i

Alessio Cecchi wrote: [...] > Have you already try to run NFSv4? it's in place on a (very) small sample of mailboxes in dbox format, no issues up to now (Debian Wheezy mainline kernel) > When we switch to netapp and nfsv4 we had many problems (lock problems > and instability) and we had to go immediately to NFSv3. I don't know if > was a netapp problem or nfs client (Debian

just a quick update: no issues with NFSv4.0 (load is slowly growing, currently ~7k mailboxes) instead, bad news from delegation front, we enabled it for a couple of days but we ran in ugly issues: processes went in "uninterruptible sleep" state, load average gets huge, reboot was the only escape :-( -brd Alessio Cecchi wrote: > Il 12/06/2015 13:02, brd ha scritto: > >Alessio

I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as

hi all, i'm managing a large installation of a dovecot cluster in director + NFS backend architecture and we are moving from NFSv3 to NFSv4. Our NFS server is a Netapp in clustered mode and reading technical specs of NFSv4 delegation feature it seems that enabling delegation in this type of dovecot architecture should bring great benefits: only one backend server access a specific mailbox at a

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

Hi, Just out of curiosity what is in nfsv4 delegation that you think would give a benefit on your configuration? If I read back the thread you seem to have dovecot configured with director ring in front of the backends. In that case Dovecot already manages storage in a way that only one of the backends is accessing each users data at a time. So I can?t see anything but problems form enabling

2015-04-25 16:57 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>: > On 25/04/15 15:44, Daniel Carrasco Mar?n wrote: > >> >> >> On AD server i've linked the kerberos file on samba folder: >> lrwxrwxrwx 1 root root 32 abr 25 16:23 krb5.conf -> >> /var/lib/samba/private/krb5.conf >> >> On client i've the default: >>

Le 31/03/2016 11:44, Rowland penny a écrit : > On 31/03/16 10:04, Service Informatique IF wrote: >> Hi, >> >> I'm trying to use wildcard in keytab because i don't want join every >> computer, client for service NFS krb5. >> >> I add a spn like this >> >> # samba-tool spn add host/* nfs >> >> (I create user nfs before) >>

Samba4 as AD controller. Same samba as domain members. Winbind. Periodically (once in few days) after subject message in winbind logs its stop working and only restart of winbindd helps. Error message: [2015/08/10 13:31:14.410866, 0] ../source3/libads/sasl.c:1025(ads_sasl_spnego_bind) kinit succeeded but ads_sasl_spnego_krb5_bind failed: The context has expired : Success smb.conf [global]

Hi Marcel thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the

I'm trying to setup a simple NFSv4 mount between two x86_64 hosts. On the server, I have this in /etc/exports: /export $CLIENT(ro,fsid=0) /export/qb3 $CLIENT(rw,nohide) ON $CLIENT, I mount via: mount -t nfs4 $SERVER:/qb3 /usr/local/sge62/qb3 However: $ touch /usr/local/sge62/qb3/foo touch: cannot touch `/usr/local/sge62/qb3/foo': Read-only file system I'd really