[Samba] Samba server with NFSV4/kerberos
Orion Poplawski
orion at cora.nwra.com
Tue May 16 22:26:05 UTC 2017
On 05/12/2017 05:22 PM, Jeremy Allison via samba wrote:
> On Wed, May 10, 2017 at 01:43:18PM -0600, Orion Poplawski via samba wrote:
>>> I have some code that does this I gave to a (large) user
>>> site to test. It took a forwarded ticket from the Windows
>>> client and saved it in the /tmp/krb5cc_XXXXX file so that
>>> the NFS client redirector on Linux could use it.
>>>
>>> I got it to work in testing, but never got good feedback
>>> from the users so didn't finish it up.
>>>
>>> I can dig it out again and forward port to 4.x if you
>>> like ?
>>>
>>> Jeremy.
>>
>> I would be very much interested in this if this is still around.
>
> Here is the (horrible hack) I created. Appropriately
> entitled "horrible hack". Won't apply to 4.x, and according
> to Simo the correct way to do this is via gss_store_cred_into(),
> so this code won't ever get upstream.
>
> If you can make it work locally it might help you out though !
>
> Jeremy.
Here's my updated version that uses gss_store_cred_into(). This seems to work
okay for me. I needed to make sure that delegation is enabled for the server
in AD but that's it.
I added unsetting KRB5CCNAME as that is being set in smb.service and we need
to store in the user's credential cache.
I'm sure there are mistakes as well. I'd be curious to know what else would
need to get cleaned up to try to get this into samba proper.
--
Orion Poplawski
Technical Manager 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: samba-forward.patch
Type: text/x-patch
Size: 2260 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20170516/eac4ab03/samba-forward.bin>
More information about the samba
mailing list