[Samba] Again NFSv4 and Kerberos at the 'samba way'...
Marco Gaiarin
gaio at sv.lnf.it
Mon Oct 29 16:33:00 UTC 2018
Mandi! L.P.H. van Belle via samba
In chel di` si favelave...
> > samba-tool spn add nfs/vdmpp1.ad.fvg.lnf.it vdmpp1$
> > strange.
> Yes, it is, what is the DC's samba version? Same as the members?
No. DS are still on 4.5.
> if you cant setup in the dns correct and you need the hosts files for both server and client.
> And on both servers add in /etc/krb5.conf in libdefaults part.
> rdns = no
> # no PTR lookups are done now.
Ok, done that seems that at least 'sec=sys' mount now work. WOW!
Probably is not due to rdns, but by the fact that:
> Ok this part, check again after the reboot, i forget the -v for the exportfs... ( sorry )
> exportfs -v
Now i've:
root at vdmpp1:~# exportfs -v
/home 10.27.0.0/21(rw,wdelay,root_squash,no_subtree_check,sec=sys:krb5,rw,secure,root_squash,no_all_squash)
but i've had sec=krb5 only, so... O;-)))
> Remove the one with NFS.
OK. But server is in production, so... how can i do that, without
deinstalling and reinstalling all the stuff?
I've stopped and run by hand /usr/sbin/rpc.gssd with '-vvv' and /usr/sbin/rpc.svcgssd
with '-vvv -p nfs/vdmpp1.ad.fvg.lnf.it' (/etc/default/nfs-* parameters
variables seems are ignored) and still /usr/sbin/rpc.svcgssd write no
log, and thsi seeems strage o me...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba
mailing list