[Samba] Samba and kerberized NFSv4
Matthias Kahle
ir-lists-samba at gdnsc.de
Fri Dec 2 10:05:50 UTC 2016
> Does it work if you manually add userPrincipalName=CLIENT02.DOMAIN.TLD to your client's LDAP entry and reexport the keytab?
I already thought about trying that. So by now, I tried tweaking the client's LDAP entry.
Adding
userPrincipalName=CLIENT02.DOMAIN.TLD
does not succeed. However, after reviewing the LDAP filter once again, I added
userPrincipalName=nfs/client02.domain.tld@DOMAIN.TLD
to the workstation's account and finally, the mount does not return an error anymore. Though I can't access anything on the mounted share, I guess that's OK for now, because the users' home directories hosted there must not be accessible to the root user at all.
However, I don't expect that to be the right approach, not only because it requires a userPrincipalName for a service but mainly because I even have to add the Kerberos REALM ... or am I mistaken there? (Please bear with me if that sounds stupid, I'm still somehow new to dealing with Kerberos.)
Regards,
Mathias