Samba4: The MIT list insists that file server and DC must be one and the same

steve steve at steve-ss.com
Wed Aug 15 11:16:59 MDT 2012


Hi everyone

I have set up a separate S3 file server for our S4 DC. The problem is 
that creating home directories for users on an NFS mounted /home share 
will not allow root access via krb5 with or without no_root_squash.

The krb5 gurus say that it can't be done via krb5. I have to use 
no_root_squash and sec=sys.

Here is a copy of what seems to be an impossible scenario of having 
Kerberised NFS on a separate box to the DC:

Hi Steve,

No, that's because you need a ticket to get into the user directory.
Even if you make an su - <username> as root, you won't get into his
home directory without the right user ticket - that is what it is designed 
for, to protect the user directories.

So the only solution is to move the Samba Server to the same file server as 
the NFS server is.

greetings

On 15.08.12 17:10, steve wrote:
 > Hi
 > openSUSE 12.1
 >
 > Our Samba4 DC has a Kerberised NFS mounted share. I need the root user
 > to be able to write to the share. I can do this by mounting it with:
 > no_root_squash,sec=sys
 >
 > Is there any way I can do it with:
 > sec=krb5
 >
 > root has a ticket in /tmp/krb5cc_0 but he always gets permission denied
 > when the share is mounted krb5, even with the no_root_squash
 >
 > Cheers,
 > Steve
 >
 > ________________________________________________
 > Kerberos mailing list           Kerberos at mit.edu
 > https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the samba-technical mailing list