[Samba] nfs4 with Samba 4
Gémes Géza
geza at kzsdabas.hu
Sat Jan 28 12:29:17 MST 2012
2012-01-28 18:41 keltezéssel, steve írta:
> On 28/01/12 12:21, steve wrote:
>> On 28/01/12 11:03, Gémes Géza wrote:
> Summary:
>
> 1. kerberized /etc/exports
> /export gss/krb5(rw,fsid=0,insecure,no_subtree_check,async)
> /export/home gss/krb5(rw,nohide,insecure,no_subtree_check,async)
> then:
> mount -t nfs4 hh3:/home /mnt -o sec=krb5
> no write access
>
> 2. conventional /etc/exports
> /export *(rw,fsid=0,insecure,no_subtree_check,async)
> /export/home *(rw,nohide,insecure,no_subtree_check,async)
> then:
> mount -t nfs4 hh3:/home /mnt
> write access OK
>
> 3. kerberized variation on /etc/exports
> /export
> *(rw,fsid=0,crossmnt,insecure,no_subtree_check,async,sec=krb5)
> /export/home *(rw,insecure,no_subtree_check,async,sec=krb5)
> then:
> mount -t nfs4 hh3:/home /mnt -o sec=krb5
> no write access
>
> I have tried all combos of crossmnt and nohide
>
> idmapd seems to be mapping correctly and id <user> gives what getent
> gives
>
> Any ideas? Why does the kerberized mount not allow rw access?
> Steve
>
> Geza, do you think it's worth sticking this on samba technical?
To me it seems an nfs4 related problem so no samba-technical is not the
right place to ask
In the meantime please tell us a little more about your environment:
pam config
idmapd config
klist (of user) right after login, before trying to do anything on nfs
and after (e.g an ls)
I'm not an nfs4 expert myself, but before migration (a few years ago) to
openafs I've had a working nfs4 gss/krb5 setup (it just kernel panic-ed
every other day, until I've got fed up and migrated away from it) maybe
I can remember.
Regards
Geza
More information about the samba
mailing list