[Samba] Samba server with NFSV4/kerberos
Rainer Krienke
krienke at uni-koblenz.de
Tue Mar 24 04:18:13 MDT 2015
Hello,

I am searching for a solution that I thought should be kind of standard,
but until now I was not successful finding anything. Here is the problem:

At our site we offer Windows and Linux; most servers (e.g. file, Samba,
web) are Linux based. User data is stored on NFS file servers. Windows
systems are part of a Windows domain with an ADS domain controller. At
the moment the Linux Samba server is joined to the ADS domain
(ADSREALM.UNI-KOBLENZ.DE) and uses a "security=ADS" configuration.
Works great with NFSV3.

Now I would like to set up a Samba server that uses NFS V4/Kerberos to
access user data instead of NFS3. NFSV4 with sec=krb5 is running fine
using a MIT Kerberos server for the realm (LINUXREALM.UNI-KOBLENZ.DE)
running on Linux. So when I am root, e.g. on the Samba server, I can access
the NFS4 mounted user directories without any problem.

Now here is the problem: When Samba tries to access a directory of a
Windows user, say "john" (john's home is NFS4 mounted on the Samba
server), the Samba process does this as the user "john", not root, and gets
a permission denied, since for user "john" there is no Kerberos TGT
allowing him to access the kerberized service NFS. This happens because
a Windows user authenticates against the Windows ADS server when he logs
in at Windows and my MIT Kerberos server does not know anything about this.

Does anyone have a similar setup and has a solution for the problem
described that's working?

Thanks
Rainer
--
Rainer Krienke, Uni Koblenz, Rechenzentrum, A22, Universitaetsstrasse 1
56070 Koblenz, http://userpages.uni-koblenz.de/~krienke, Tel: +49261287 1312
PGP: http://userpages.uni-koblenz.de/~krienke/mypgp.html,Fax: +49261287
1001312