[Samba] NFS4 with samba4 AD for authentication [Solved]
steve
steve at steve-ss.com
Wed Sep 24 09:50:15 MDT 2014
On 24/09/14 08:25, Lars Hanke wrote:
> Thanks a lot!
>
>>>>> I'm pretty confused, which principals I'd need and how to create
>>>>> them in
>>>>> the samba AD.
>>>> The file server needs the nfs/ principal
>>>> The client needs any one of nfs/ host/ root/ or simply the MACHINE$ key
>>>
>>> Okay, that seemed to have got me a step forward. I created
>>> nfs/nfs4.fqdn, removed all enctypes except des-cbc-crc and added it to
>>> /etc/krb5.keytab of the server.
>> Our DC (4.1.6) uses arcfour-hmac-md5. It doesn't work with the weak
>> enctypes unless you tell krb5.conf. Do you have an old version of nfs
>> that does not recognise the strong keys?
> > Get DNS setup properly, put the proper keys back in the keytab and try
> > again.
>
> No, just found it on several instructions on the net. After putting the
> keys back in I came out with "Operation ot permitted". Setting the
> "/etc/exports" to require gss/krb5 finally resulted in a successful
> mount. Strangely showmount lists both host based and krb based
> authentication, when /etc/exports has host based authentication selected.
>
> Many thanks,
> - lars.
You maybe using bind mounted fsid0 exports. You don't need that any
longer. Just export the folder as you would with nfs3.
HTH,
Steve
More information about the samba
mailing list