[Samba] nfs4 with Samba 4
Gémes Géza
geza at kzsdabas.hu
Sat Jan 28 03:03:58 MST 2012
2012-01-28 10:40 keltezéssel, steve írta:
> Hi everyone
> Version 4.0.0alpha18-GIT-bfc7481
> openSUSE 12.1
>
> Conventional nfs4 export works fine, but I'm having trouble
> kerberizing it for Samba 4 for my Samba 4 users.
>
> I've setup the nfs4 pseudo stuff like this:
> hh3:/ # mkdir /export
> hh3:/ # mkdir /export/home
> hh3:/ # mount --bind /home /export/home
>
> Here is /etc/exports:
> /export gss/krb5(rw,fsid=0,insecure,no_subtree_check,async)
> /export/home gss/krb5(rw,nohide,insecure,no_subtree_check,async)
>
> /etc/sysconfig/nfs has:
> NFS_SECURITY_GSS="yes"
>
> I have used samba-tool to make an nfs service principal and it responds:
> Kerberos: TGS-REQ HH3$@HH3.SITE from ipv4:192.168.1.3:35191 for
> nfs/hh3.hh3.site at HH3.SITE [canonicalize, renewable]
> Kerberos: TGS-REQ authtime: 2012-01-28T09:31:37 starttime:
> 2012-01-28T09:31:37 endtime: 2012-01-28T19:31:37 renew till:
> 2012-01-29T09:31:37
> when I:
> mount -t nfs4 hh3:/home /mnt -o sec=krb5
>
> It mounts OK and mount shows:
> hh3:/home/ on /mnt type nfs4
> (rw,relatime,vers=4,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=192.168.1.3,minorversion=0,local_lock=none,addr=192.168.1.3)
>
> Autenticated Samba 4 users get 'Permission denied when trying to cd to
> /mnt. Only root can enter. The permissions using ls -la are:
> d????????? ? ? ? ? ? mnt
> You can see that /home has indeed been mounted but with strange
> permissions.
>
> Has anyone tried nfs with Samba 4 Kerberos?
> Why the permissions?
> What am I missing?
>
> Cheers,
> Steve
root can enter, because (you don't have no_root_squash) it is mapped to
the nobody user and thus has the basic rights
I would check if the user account you are trying to read/write/list/etc
the /mnt dir has got the nfs tickets, with a klist
Regards
Geza
More information about the samba
mailing list