question about service principals (samba4)
Aaron Solochek
aarons-samba at aberrant.org
Fri Sep 24 15:57:09 MDT 2010
On 09/24/2010 05:11 PM, Andrew Bartlett wrote:
> On Fri, 2010-09-24 at 09:52 -0400, Aaron Solochek wrote:
>
>> That is on the client. The client, foo, is attempting to get the nfs/foo key
>> from the kdc using it's keytab. I'm not 100% sure, because this is my first
>> attempt at using nfs4, but I assume the nfs server requires that each client
>> have a service principal for nfs so that it can create the initial mount, and
>> then actual access to the files is determined by keys held in whatever PAG is
>> attempting the access. Anyway, I was just following the instructions from here:
>>
>> https://help.ubuntu.com/community/NFSv4Howto
>
> I've never used Kerberised NFS, but those instructions do not follow the
> standard pattern for Kerberos. It may be as you suggest that NFS is
> special, but it's not what is expected, which is why Samba doesn't like
> it.
>
Fair enough, but it does seem to be situation that is supported by heimdal and
MIT krb5, so I think samba probably should like it.
Of course, I might stop caring if unix extensions were working with cifs :)
-Aaron
More information about the samba-technical
mailing list