adding principals in S4 to controller account
Trever L. Adams
trever.adams at gmail.com
Fri Aug 19 04:13:30 MDT 2011
I am starting to look at NFS4 with krb5 authentication. I need to add an
nfs/ principal to the domain controller (S4) account. I am doing the
following:
/usr/local/samba/sbin/samba-tool spn add nfs/FILESERVER_FQDN
FILESERVER_HOST$
/root/samba-master/source4/scripting/bin/ktpass.sh --out
/etc/krb5.keytab --princ nfs/FILESERVER_FQDN --path-to-ldbsearch
/usr/local/samba/bin/ --pass --pass RANDOMPASSWORD
/root/samba-master/source4/scripting/bin/ktpass.sh --out
/etc/krb5.keytab --princ nfs/FILESERVER_FQDN --path-to-ldbsearch
/usr/local/samba/bin/ --pass --pass RANDOMPASSWORD --enc aes128-cts
/root/samba-master/source4/scripting/bin/ktpass.sh --out
/etc/krb5.keytab --princ nfs/FILESERVER_FQDN --path-to-ldbsearch
/usr/local/samba/bin/ --pass --pass RANDOMPASSWORD --enc aes256-cts
This does not seem to work. rpc.gssd on the client sets up
/tmp/krb5cc_machine_DOMAIN, but then complains about not being able to
create the krb5 context.
I am figuring that maybe my way of adding the nfs principal is the wrong
way.
Recap: I need to add an nfs/ principal to the machine account for the
S4/NFS server. I seem to be doing it wrong.
Thank you for any help,
Trever
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110819/590f89ef/attachment.pgp>
More information about the samba-technical
mailing list