[Samba] Samba server with NFSV4/kerberos

Rainer Krienke krienke at uni-koblenz.de
Tue Mar 24 04:18:13 MDT 2015


I am searching for a solution that I thought should be kind of standard,
but until now I was not successful finding anything. Here is the problem:

At our site we offer windows and linux, most servers (eg file, samba,
web) are linux based. User data is stored on NFS file servers. Windows
systems are part of a Windows domain with an ADS domain controller. At
the moment the linux samba server is joined to the ADS domain
(ADSREALM.UNI-KOBLENZ.DE) and uses a "secutrity=ADS" configuration.
Works great with NFSV3.

Now I would like to set up a samba server that uses NFS V4/kerberos to
access user data instead of NFS3. NFSV4 with sec=krb5 is running fine
using a MIT kerberos server for the realm (LINUXREALM.UNI-KOBLENZ.DE)
running on linux. So when I am root eg on the samba server I can access
the NFS4 mounted user directories without any problem.

Now here is the problem: When samba tries to access a directory of a
windows user say "john"  (john's home is NFS4 mounted on the samba
server) the samba process does this as the user "john" not root and gets
a permission denied, since for user "john" there is no kerberos TGT
allowing him to access the kerberized service NFS. This happens because
a windows user authenticates against the windows ADS server when he logs
in at windows and my MIT kerberos server does not know anything about this.

Does anyone have a similar setup and has a solution for the problem
described thats working?

Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse  1
56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287

More information about the samba mailing list