similar to: NFSv4, homes, Kerberos...

Hai, I'm getting somewhere, here you go, a snap of what i have atm. And what works atm. Im asuming you have winbind already running. Obligated is A+PTR record in the DNS. You can turn or the rdns check in krb5.conf but i did not test that. # Tested on Debian Stretch - NFSv4 SERVER apt-get install --auto-remove nfs-kernel-server systemctl stop nfs-* Added in krb5.conf below the

Hai, Hmm.. Bummer.. I just discovered the debian package dont have the vfs_nfs4acl include in the build. And because of that it's not in my packages. I'll have a look into it, see what i can make of it. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > L.P.H. van Belle via samba > Verzonden: dinsdag 9

Thank you for that, i did have a good look at that one. And i use Debian 9, if you test what i posted below in the thread, you will see NFSv4 works fine. Below is missing one more thing, the "allow to delegate (kerberos only) " on the computer object in the AD, should be enabled. And yes, i've see bugchecks also but only on my debian .. Lenny.. Stt.. ;-) .. Its my last lenny

Depending on the OS. Below is tested/in production since samba 4.9.x and debian stretch Currently running buster with samba 4.12.5 with samba and AD-Backends. All users have UID assigned, and "Domain Users". This is really easy on any setup with systemd systems with samba and winbind. I'll show how easy this is for any debian/ubuntu related system but using systemd, maybe you

I was used to integrate some linux client in my samba network mounting homes with 'unix extensions = yes', and works as expected, at least with some old lubuntu derivatives. Client side i use 'pam_mount'. Now i'm working on a ubuntu mate derivative, and i've not found a way to start the session properly in CIFS. If i create a plain local home (pam_mkhome), session start as

Hi Marco, You will hit muliple problems, most can be solved. Im installing a new member here with samba 4.8.5 and building new samba 4.8.6 atm. ;-). Im (trying to ) fix this also again in this new setup. Below it a bit of what i know. > Client are in DHCP, so it is hard to use 'normal' NFSv3 mount, eg > security by IP. If they register ( or are registered) in the dns correctly

Hai, NfsV4 and samba works fine but there is a big BUT and you have found it already. > The nfs4 krb5 export mounts on the remote client, but doesn't seem to > recognize permissions. The mount directory is shown as owned by root and the group is 4294967294 Yes, the nfsv4 acls and system acl over kerberos doent match anymore. This is a know problem and i dont know when it wil be

Well, my problem is i dont now how Centos/RH is handing this. I just know that the basics are.. 1) The server must have A and PTR record. (optional you can use CNAMEs as long A+PTR match). 2) you use nfs/$(hostname -f) and add this in the local keytab and in the computer object$ net ads keytab add_update_ads nfs/$(hostname -f) ( you dont add the REALM here ) ! 3) i know nfs

Hi Louis, I've looked into that and I'm not sure how this would be done? By the way, even with your NFS translation fix (which doesn't work for me because gssproxy), do you do this before accessing root files..? sudo root kinit -k 'host$' ? Jason. On Nov. 11, 2020, 2:48 a.m., at 2:48 a.m., "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: >Hai

Hai Jason, Hmm, yes, well, only one thing i can think of now is And thats the last one.. Is the server allowed to delelagate kerberos services? If you have set that also? It's the last thing i can remember. Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Jason Keltz via samba > Verzonden: dinsdag 10 november

Hi everyone, I have a samba DC, let's call it dc1.ad.example.com. I have two members of the domain - server1.ad.example.com and server2.ad.example.com.?? They are not running smbd and winbind. Instead, they are running SSSD with AD backend. I want to create an NFSv4 export on server1.ad.example.com and mount it on server2.ad.example.com (say, sec=krb5). I found some instructions online

Hello, I've got a little problem with NFSv4 + Kerberos. I can do a mount with Kerberos with a valid ticket, but read-only. After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ I can see: #klist: Feb 6 07:22:47 Feb 6 17:22:43 nfs/nfsserver at my.domain #/var/heimdal/kdc.log: 2013-02-06T07:28:26 TGS-REQ clientnfs at my.domain from IPv4:192.168.0.23 for nfs/nfsserver at

Hello, I set up NFSv4 server. To make sure I set vfs.nfsd.server_min_nfsvers=4. I can check its version, for example, by tcpduming and then I can see in wireshark lines like: Network File System Program Version: 4 V4 Procedure: COMPOUND.... .... is there any easier way to check its version? I see there is nfsstat -e option which shows delegs and locks. But all other ones are combined with nfsv3

Hai, That bond0 interface, you might want to change that the interface name to bond1 Depending on the bonding settings, you might have hit a reserved name. I lots my docu on that but i know i configured a bond1 because bond0 didn work right. And then check these. wbinfo -pPt ( or wbinfo -p && wbinfo -P && wbinfo -t ) wbinfo --sids-to-unix-ids S-1-22-2-10513 wbinfo -D

Ok, i clarify a bit more. \\servername.internal.domain.tld\users2\%username% is used in my AD for the home folder of the users. %username% translates to the username. I tried 2 setups now, windows acl base setup and posix based setup. Both fail for me. THE SERVER with the shares ( and is nfs server) The samba/windows part. ( postix rights setup ) On the server this is /home/samba/users2

I am soo lost trying to get Samba AD 4.7.5 as a Kerberos source for NFSv4. The NFS server is the Samba AD server running Ubuntu Server 16.0.4.3 and the client is Linux Mint 18.3 This export WORKS and mounts on client ########## /etc/exports ########## /mnt/fileshare         *(rw,no_subtree_check,async) ############################ This export DOES NOT ########## /etc/exports ##########

Hello all. I converted my server from Fedora Core 3 to CentOS 4.1 and I've been slogging unsuccessfully through an NFSv4 problem. I'm using the same configuration for NFS that I had in place on FC3 that worked. On the server, I have the following data structure: /data /data/archive /data/pictures /data/music Each is a separate ext3 filesystem mounted with rw,acl. /etc/exports

I have been trying all sorts of things to get this working. nfsv4 works fine if I just use the nfs-v3 form of export i.e. /nfs4exports 192.168.230.237/24(ro,fsid=0,sync,insecure,no_root_squash,no_subtree_check,squash_uids=0-99) /nfs4exports/NDG 192.168.230.237/24(rw,insecure,no_subtree_check,nohide,sync,no_root_squash,squash_uids=0-99) but this is inherently open to all on this machine. so then

Hai, > > In short. My network design previously work with Debian Stretch > Servers and clients and some Windows clients (not many). > > Debian Stretch use Samba 4.5.16 so there is no unix_primary_group > option for the clients. So I have to use the "dirty" tweak of > modifying all my users "primaryGroupID" to the corresponding >

Thanks Luc, First, can I just use the small /etc/krb5.conf suggested in Samba AD docs or do I need something more substantial on the server & client for Kerberos NFS to work? [libdefaults]         default_realm = SUBDOMAIN.DOMAIN.COM         dns_lookup_realm = false         dns_lookup_kdc = true I understand a /etc/krb5.keytab file has to be created on both server & client. Most