Displaying 20 results from an estimated 3000 matches similar to: "NFSv4, homes, Kerberos..."
2018 Oct 10
1
NFSv4, homes, Kerberos...
Thank you for that, i did have a good look at that one.
And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. 
Below is missing one more thing, the "allow to delegate (kerberos only)" on the computer object in the AD, should be enabled.
And yes, i've seen bugchecks also but only on my debian .. Lenny..  Stt..  ;-) .. It's my last lenny
2020 Jul 24
4
samba4 kerberized nfs4 with sssd ad client
Hi everyone,
I have a samba DC, let's call it dc1.ad.example.com.
I have two members of the domain - server1.ad.example.com and 
server2.ad.example.com. They are not running smbd and winbind. 
Instead, they are running SSSD with AD backend.
I want to create an NFSv4 export on server1.ad.example.com and mount it 
on server2.ad.example.com (say, sec=krb5).
I found some instructions online
2018 Oct 09
0
NFSv4, homes, Kerberos...
Hai, 
I'm getting somewhere, here you go, a snap of what i have atm. 
And what works atm. I'm assuming you have winbind already running. 
Obligated is A+PTR record in the DNS. 
You can turn off the rdns check in krb5.conf but i did not test that. 
# Tested on Debian Stretch - NFSv4 SERVER 
apt-get install --auto-remove nfs-kernel-server
systemctl stop nfs-*
Added in krb5.conf below the
2018 Oct 10
0
NFSv4, homes, Kerberos...
Hai,
Hmm.. Bummer.. 
I just discovered the debian package doesn't have the vfs_nfs4acl included in the build. 
And because of that it's not in my packages. I'll have a look into it, see what i can make of it. 
Greetz, 
Louis
 
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> L.P.H. van Belle via samba
> Sent: Tuesday 9
2019 Apr 26
4
Configured AD backend but getting different uid and gid
Hi,
Thank you for replying. User home directory creation is working without the
need to edit /etc/pam.d/common-session
The logon script I mentioned here is an in-house script to handle directory
mounting for file server access, and create shortcut on the account desktop
for different logins.
On my Linux machines, currently all is done manually by local user account
creation and by adding the
2018 Oct 11
2
NFSv4, homes, Kerberos...
Hai Marco,  
> -----Original message-----
> From: Marco Gaiarin [mailto:gaio at sv.lnf.it] 
> Sent: Thursday 11 October 2018 14:15
> To: L.P.H. van Belle
> Subject: Re: [Samba] NFSv4, homes, Kerberos...
> 
> Mandi! L.P.H. van Belle
>   In chel di` si favelave...
> 
> > If you want to test the module, i have a set ready to test. 
> 
> Ahe,
2013 Feb 07
4
NFSv4 + Kerberos permission denied
Hello,
I've got a little problem with NFSv4 + Kerberos. I can do a mount with
Kerberos with a valid ticket, but read-only.
After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/
   I can see:
#klist:
Feb  6 07:22:47  Feb  6 17:22:43  nfs/nfsserver at my.domain
#/var/heimdal/kdc.log:
2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23
for nfs/nfsserver at
2020 Nov 10
4
nfs root kerberos
Hi Louis,
Thanks for your message. 
However, I already have NFS working completely. I'm only trying to work out root NFS access on the client. I tried your NFS translation fix via idmapd.conf but that isn't working for me. I've discovered that's because CentOS 7 is using gssproxy so apparently your fix won't work. The fix from Red Hat (adding some lines to krb.conf seen in my
2013 Feb 14
1
NFS resources, how to check version
Hello,
I set up NFSv4 server. To make sure I set
vfs.nfsd.server_min_nfsvers=4. I can check its version, for example,
by tcpdumping and then I can see in wireshark lines like:
Network File System
Program Version: 4
V4 Procedure: COMPOUND....
....
is there any easier way to check its version?
I see there is nfsstat -e option which shows delegs and locks. But all
other ones are combined with nfsv3
2018 Feb 05
6
Using Samba AD for NFSV4 Kerberos servers and clients
Thanks Luc,
First, can I just use the small /etc/krb5.conf suggested in Samba AD 
docs or do I need something more substantial on the server & client for 
Kerberos NFS to work?
[libdefaults]
         default_realm = SUBDOMAIN.DOMAIN.COM
         dns_lookup_realm = false
         dns_lookup_kdc = true
I understand a /etc/krb5.keytab file has to be created on both server & 
client. Most
2020 Jul 24
0
samba4 kerberized nfs4 with sssd ad client
Depending on the OS. 
Below is tested/in production since samba 4.9.x and debian stretch
Currently running buster with samba 4.12.5 with samba and AD-Backends. 
All users have UID assigned, and "Domain Users".
This is really easy on any setup with systemd systems with samba and winbind. 
I'll show how easy this is for any debian/ubuntu related system but using systemd, maybe you
2018 Mar 04
1
Samba AD + Kerbero + NFS "Client no longer in database"
I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for 
NFSv4. The NFS server is the Samba AD server running Ubuntu Server 
16.0.4.3 and the client is Linux Mint 18.3
This export WORKS and mounts on client
########## /etc/exports ##########
/mnt/fileshare         *(rw,no_subtree_check,async)
############################
This export DOES NOT
########## /etc/exports ##########
2020 Nov 11
2
nfs root kerberos
Hai Jason, 
Hmm, yes, well, only one thing i can think of now is
And that's the last one..
Is the server allowed to delegate kerberos services? 
If you have set that also? It's the last thing i can remember.
Greetz, 
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Jason Keltz via samba
> Sent: Tuesday 10 November
2019 Nov 05
5
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok, you did too much as far as i can tell. 
 
You want to see this: i'll show my output, then it is better to see what i mean. 
 
this is where you start with. 
klist -ke |sort  ( default member ) 
---- --------------------------------------------------------------------------
   3 host/HOSTNAME1 at REALM.DOMAIN.TLD (aes128-cts-hmac-sha1-96)
   3 host/HOSTNAME1 at REALM.DOMAIN.TLD
2019 Oct 29
4
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Hi, the problem seems to be related to this bug:
  https://bugzilla.samba.org/show_bug.cgi?id=6750
I try therefore to set
  machine password timeout = 0
On Tue 29 Oct 2019 at 11:11, Rowland penny via samba <samba at lists.samba.org> wrote:
> On 29/10/2019 10:04, banda bassotti wrote:
> > I had already done it:
> >
> > # samba-tool spn list
2019 Nov 05
7
Failed to find cifs/fs-share@dom.corp (kvno 109) in keytab
Ok, 
 
Your keytab looks ok now. 
 
oldsamba.dom.corp is an alias for fs-a.oldsamba.dom.corp.
fs-a.dom.corp has address 10.0.0.2
i would have expected here. 
oldsamba.dom.corp is an alias for fs-a.dom.corp.
fs-a.dom.corp has address 10.0.0.2
Or was that a typo? I'm assuming a typo.. 
About your setup from the script output. 
 
Change this one.
/etc/hosts 
10.0.0.2 fs-a.dom.corp fs-a oldsamba  #
2019 Aug 21
3
winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group
On Tue, 20 Aug 2019 at 14:30, L.P.H. van Belle via samba
<samba at lists.samba.org> wrote:
>
> Hai,
>
> >
> > In short. My network design previously work with Debian Stretch
> > Servers and clients and some Windows clients (not many).
> >
> > Debian Stretch use Samba 4.5.16 so there is no unix_primary_group
> > option for the clients. So I have
2018 Oct 24
5
Again NFSv4 and Kerberos at the 'samba way'...
Good morning Marco and others. 
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of 
> Marco Gaiarin via samba
> Sent: Tuesday 23 October 2018 18:58
> To: samba at lists.samba.org
> Subject: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
> 
> 
> Sorry, i come back to this topic in a different thread,
2019 Aug 20
4
winbind on DC : how use gidNumber instead of primaryGroupID as user's primary group
On 20/08/2019 11:16, L.P.H. van Belle via samba wrote
>> The problem with that is, 'id' gets its info from the same place that
>> 'getent' does, so the OP will still get the wrong group ;-)
>>
>> Rowland
> Maybe i did not understand the question then.
> In: id username |awk -F"=" '{ print $2 }'|cut -d"(" -f1
> $2 = GID
2013 Jun 20
2
Samba4 and NFSv4
Is it possible that Samba4 includes a large PAC on the kerberos credential and you're going over the limit in kernel?  Against AD you have to disable this PAC inclusion via the userAccountControl attribute to make kerberised NFSv4 work correctly.  You /sometimes/ find that testing with a user who is a member of as close to no groups as possible works in this case, but users in many groups