[Samba] kerberos nfs4's principals and root access
L.P.H. van Belle
belle at bazuin.nl
Tue Aug 2 06:57:36 UTC 2016
> > And after, when I want to access my kerberized NFS share, I just need
> > to 'kinit Administrator' before ?
>
> Why do you need to do this ??
Even root cant access a user homedir over nfsv4.
You need to kinit administrator to make you way to all user dirs.
Or kinit as user for a single user dir
But if you need to kinit as user then something is wrong, thats not needed is setup correctly. At least i never kinit as user.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
> Verzonden: dinsdag 2 augustus 2016 8:48
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] kerberos nfs4's principals and root access
>
> On Tue, 2 Aug 2016 08:21:30 +0200
> Bruno Macadré <bruno.macadre at univ-rouen.fr> wrote:
>
> > Thanks for your answer,
> >
> > I already use Winbind AD backend with RFC2307. The only difference is
> > when i use 'getent passwd' logins are never prefixed by domainname....
> >
> > So, if I understand well your solution, I must :
> >
> > 1. Add unix attributes to my Administrator user (it's mandatory to
> > show the account with getent)
>
> No, you should never add RFC2307 attributes to Administrator, it will
> break the mapping on a DC and you need this.
>
> > 2. Adding 'username map' option in the member smb.conf
> > 3. Creating mapping file like you said
> >
>
> Yes
>
> > And after, when I want to access my kerberized NFS share, I just need
> > to 'kinit Administrator' before ?
>
> Why do you need to do this ??
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list