[Samba] Using Samba AD for NFSV4 Kerberos servers and clients
Ken McDonald
ken at generation.tech
Mon Feb 5 01:23:48 UTC 2018
Thanks Luc,
First, can I just use the small /etc/krb5.conf suggested in Samba AD
docs or do I need something more substantial on the server & client for
Kerberos NFS to work?
[libdefaults]
default_realm = SUBDOMAIN.DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = true
I understand a /etc/krb5.keytab file has to be created on both server &
client. Most of the existing docs show commands to do this using a real
KDC, not Samba AD. If I try to use the kadmin tool, there's a message
about the krb5.conf being incomplete. I am able to use klist and ktutil
How do I generate the keytab file with the correct credentials?
nfs/server at subdomain.domain.com
nfs/client at subdomain.domain.com
Are these created manually by adding some account in ADUC and then use
"samba-tool domain exportkeytab" to export the krb5.keytab file
https://wiki.samba.org/index.php/Generating_Keytabs
-Ken
On 02/04/2018 06:29 PM, Luc Lalonde wrote:
> Hey Ken,
>
> We’re using AD as a Kerberos server for NFSv4 in our Linux labs to automount the students home directories.
>
> I can answer specific questions if you’ve got some.
>
> Cheers, Luc.
>
>
> Luc Lalonde, analyste
> -----------------------------
> Département de génie informatique:
> École polytechnique de MTL
> (514) 340-4711 x5049
> Luc.Lalonde at polymtl.ca
> -----------------------------
>
>> On Feb 4, 2018, at 16:30, Ken McDonald via samba <samba at lists.samba.org> wrote:
>>
>> Is it possible to use Samba AD for Kerberos KDC with NFV4 servers and then have clients connect to them?
>>
>> I have Ubuntu Server for the server and Linux Mint for clients. So far, I've got a lot setup according to these instructions
>>
>> https://help.ubuntu.com/community/NFSv4Howto
>>
>> And seem to have adapted the keytab entries from using this Samba AD info
>>
>> https://wiki.samba.org/index.php/Generating_Keytabs
>>
>> But I'm kind of stuck getting the actual mount to work on a client side. I'll admit to never using Kerberos with NFS before and my Samba AD knowledge is also fairly new (but I do have working Samba AD for Windows and Linux client logins, group, POSIX & Win ACls). I can't seem to find good information or howto on implementing NFSKerberos + SambaAD
>>
>> Before I post actual questions and logs, is this configuration even possible?
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
More information about the samba
mailing list