[Samba] NFS4 with samba4 AD for authentication [Solved]
Lars Hanke
debian at lhanke.de
Wed Sep 24 00:25:15 MDT 2014
Thanks a lot!
>>>> I'm pretty confused, which principals I'd need and how to create
>>>> them in
>>>> the samba AD.
>>> The file server needs the nfs/ principal
>>> The client needs any one of nfs/ host/ root/ or simply the MACHINE$ key
>>
>> Okay, that seemed to have got me a step forward. I created
>> nfs/nfs4.fqdn, removed all enctypes except des-cbc-crc and added it to
>> /etc/krb5.keytab of the server.
> Our DC (4.1.6) uses arcfour-hmac-md5. It doesn't work with the weak
> enctypes unless you tell krb5.conf. Do you have an old version of nfs
> that does not recognise the strong keys?
> Get DNS setup properly, put the proper keys back in the keytab and try
> again.
No, just found it on several instructions on the net. After putting the
keys back in I came out with "Operation not permitted". Setting the
"/etc/exports" to require gss/krb5 finally resulted in a successful
mount. Strangely showmount lists both host based and krb based
authentication, when /etc/exports has host based authentication selected.
Many thanks,
- lars.
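
Added example, not part of the original message or of the Samba or nfs-utils code: a small check for the two settings the thread turned on, namely an nfs/ key in the server keytab that is not limited to single-DES enctypes, and exports that actually require Kerberos instead of host-based access. It assumes the keytab listing has the layout printed by MIT `klist -ke`; the function names, the EXAMPLE.COM realm and both sample inputs are constructed for illustration.

```python
import re

WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}  # single-DES enctypes
KEY_LINE = re.compile(r"^\s*\d+\s+(\S+)\s+\((?:DEPRECATED:)?([^)]+)\)\s*$")

def keytab_findings(klist_text):
    """Check `klist -ke`-style output for the server's nfs/ keys."""
    keys = {}
    for line in klist_text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            keys.setdefault(m.group(1), set()).add(m.group(2))
    nfs = {p: e for p, e in keys.items() if p.startswith("nfs/")}
    if not nfs:
        return ["no nfs/ principal in keytab"]
    return [f"{p}: only weak enctypes {sorted(e)}"
            for p, e in sorted(nfs.items()) if e <= WEAK]

def exports_findings(exports_text):
    """List exports that still admit host-based (sec=sys) access."""
    out = []
    for raw in exports_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        path, clients = fields[0], fields[1:]
        for client in clients:
            host, _, opts = client.partition("(")
            flavors = []
            for opt in opts.rstrip(")").split(","):
                if opt.startswith("sec="):
                    flavors += opt[4:].split(":")
            if host.startswith("gss/krb5"):  # older pseudo-client syntax
                continue
            if not flavors or "sys" in flavors:  # no sec= means sec=sys
                out.append(f"{path} {host or '*'}: host-based access allowed")
    return out

# Constructed sample data (EXAMPLE.COM is a placeholder realm).
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------------------
   2 nfs/nfs4.example.com@EXAMPLE.COM (des-cbc-crc)
"""
SAMPLE_EXPORTS = """\
/srv/home  *(rw,sync,sec=krb5)
/srv/pub   192.0.2.0/24(ro,sync)
"""

if __name__ == "__main__":
    for finding in keytab_findings(SAMPLE_KLIST) + exports_findings(SAMPLE_EXPORTS):
        print(finding)
```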