similar to: Samba and kerberized NFSv4

Displaying 20 results from an estimated 7000 matches similar to: "Samba and kerberized NFSv4"

2016 Dec 02
4
Samba and kerberized NFSv4
Hi Marcel thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. Because I wasn't sure whether it is the nfs client process or the server process that failed to get the kerberos ticket when I tried the
2016 Dec 02
0
Samba and kerberized NFSv4
Am 02.12.2016 um 08:51 schrieb Matthias Kahle via samba: > Hi Marcel > > thx. for your fast response. I didn't manage to follow up sooner. I had already verbose logging turned on but I don't seem to find the real reason, why the domain controller searchs for a userPrincipalName instead of servicePrincipalName. > > Because I wasn't sure whether it is the nfs client
2016 Dec 02
6
Samba and kerberized NFSv4
> Does it work if you manually add userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry and reexport the keytab? I already thought about trying that. So by now, I tried tweaking the client's LDAP entry. Adding userPrincipalName=CLIENT02.DOMAIN.TLD does not succeeed, however, after reviewing the ldap filter once again, I added userPrincipalName=nfs/client02.domain.tld at
2016 Nov 28
0
Samba and kerberized NFSv4
Am 2016-11-28 07:14, schrieb Matthias Kahle via samba: > Hi Folks Hi Matthias, > I'm trying to share user home directories hosted on a Samba-4 member > server via NFSv4. Everything's working well with the Windows shares but > when it comes to kerberized NFSv4 it fails. I can't even mount the > home > root directory via nfs on the server itself ("mount.nfsv4:
2016 Dec 02
3
Samba and kerberized NFSv4
Am 2016-12-02 12:12, schrieb Rowland Penny via samba: > On Fri, 2 Dec 2016 11:05:50 +0100 > Matthias Kahle via samba <samba at lists.samba.org> wrote: > >> > Does it work if you manually add >> > userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry >> > and reexport the keytab? >> >> I already thought about trying that. So by now,
2018 Oct 24
5
Again NFSv4 and Kerberos at the 'samba way'...
Good morning Marco and others. > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: dinsdag 23 oktober 2018 18:58 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Again NFSv4 and Kerberos at the 'samba way'... > > > Sorry, i come back to this topic in a different thread,
2013 Jun 05
3
Samba4 and NVSv4
Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My
2013 Jun 05
3
Samba4 and NVSv4
Short story: cannot get Kerberized NFSv4 to work. I've googled a great deal and cannot find where I have goofed (and there sure is a lot of misleading and just plain incorrect information out there), so would appreciate another pair of eyes. NFSv4 without Kerberos does work fine, as does ID mapping. We're using NFSv4 in production with sec=sys, but I'm not happy with that. My
2016 Mar 31
5
NFSv4 / Krb / wildcard in keytab
Hi, I'm trying to use wildcard in keytab because i don't want join every computer, client for service NFS krb5. I add a spn like this # samba-tool spn add host/* nfs (I create user nfs before) # samba-tool spn list nfs nfs User CN=nfs,CN=Users,DC=if,DC=ujf-grenoble,DC=fr has the following servicePrincipalName: host/* I export keytab : #samba-tool domain exportkeytab
2012 Apr 23
2
Windows 2008R2 AD, kerberos, NFSv4
Hi, I'm trying to set up NFSv4 on two boxes (centos 5.5) and have it authenticate against our Windows 2008R2 AD server acting as the KDC. (samba/winbind is running ok with "idmap config MYCOMPANY: backend = rid" so we have identical ids across the servers.) I can mount my test directory fine via NFSv4 *without* the sec=krb5 option. However, once I put the sec=krb5 option in,
2014 Sep 23
2
NFS4 with samba4 AD for authentication
It's probably difting slightly off the topic, but I know that there are some people listening here, who have a decent expertise. I'm trying to setup a file server (nfs4 at ad.domain) and mount from a client (hunin at ad.domain) using the user database and especially Kerberos provided by my AD (samba at ad.domain). It already works nicely, if I forget about krb5, i.e. idmapd is
2016 Dec 02
0
Samba and kerberized NFSv4
Hi Matthias, adding (or better replacing) the userPrincipalName attribute with the nfs/* one, is exactly what you need to do. For some reason the NFS client's request *only* matches the userPrincipalName attribute, while all other services I tried so far are fine when matching one of the values in servicePrincipalName attribute. NFS seems to be a very special kind of kerberos service as it
2016 Dec 02
0
Samba and kerberized NFSv4
On Fri, 2 Dec 2016 11:05:50 +0100 Matthias Kahle via samba <samba at lists.samba.org> wrote: > > Does it work if you manually add > > userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry > > and reexport the keytab? > > I already thought about trying that. So by now, I tried tweaking the > client's LDAP entry. > > Adding > >
2016 Dec 02
0
Samba and kerberized NFSv4
On Fri, 02 Dec 2016 12:44:04 +0100 marcel at linux-ng.de wrote: > Am 2016-12-02 12:12, schrieb Rowland Penny via samba: > > On Fri, 2 Dec 2016 11:05:50 +0100 > > Matthias Kahle via samba <samba at lists.samba.org> wrote: > > > >> > Does it work if you manually add > >> > userPrincipalName=CLIENT02.DOMAIN.TLD to your clients ldap entry >
2012 Feb 13
1
Samba winbind and nfsv4 krb5
Hi All, I'm struggling since weeks to get samba winbind and a kerberized nfs mount running. We have a Netapp SAN exporting the nfs share with sec=krb5 and a Linux Client Ubuntu 10.04 Server trying to access the exported share. Accessing the share without krb5 (sec=sys) works fine. The linux machine is joined to an Windows 2008R2 domain and user/group lookups login via ssh etc. work fine. I
2018 Oct 31
12
Again NFSv4 and Kerberos at the 'samba way'...
Hai Marco, > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > > Sofar, until tomorrow, > > Done some tests, metoo. > > 1) seems that nfs-common is disabled 'by design'. Looking at debian > changelog: > > nfs-utils (1:1.2.8-9.1) unstable; urgency=medium > > Partial sync from ubuntu, included changes: > >
2015 Oct 09
5
kerberos nfs4's principals and root access
Hai Batiste, Ok, thanks for these, i'll test that also. And the "why" is a bit more explained here. http://www.citi.umich.edu/projects/nfsv4/crossrealm/libnfsidmap_config.html and per example, http://www.citi.umich.edu/projects/nfsv4/crossrealm/ldap_server_setup.html First my work here, but this is a good one which i also need to adjust in my scripts, so thank you for asking
2013 Feb 07
4
NFSv4 + Kerberos permission denied
Hello, I've got a little problem with NFSv4 + Kerberos. I can do a mount with Kerberos with a valid ticket, but read-only. After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ I can see: #klist: Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain #/var/heimdal/kdc.log: 2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23 for nfs/nfsserver at
2018 Oct 09
10
NFSv4, homes, Kerberos...
I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as
2010 Jul 02
2
Windows 2003 AD, Winbind, Kerberos and NFSv4
Hi All, I'm having a bit of difficulty getting a CentOS 5.5 Kerberized NFSv4 server working. This server is configured as a Winbind client to a Windows 2003 Active Directory. I've successfully bound it to AD and I am able to authenticate. I've successfully created a NFSv4 entry in /etc/exports to export the /exports directory and I can successfully mount a non-Kerberized NFSv4