[Samba] Again NFSv4 and Kerberos at the 'samba way'...
Rowland Penny
rpenny at samba.org
Wed Oct 31 08:51:00 UTC 2018
On Wed, 31 Oct 2018 08:31:17 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai Marco,
>
> >
> > Mandi! L.P.H. van Belle via samba
> > In chel di` si favelave...
> >
> > > So far, until tomorrow,
> >
> > Done some tests, me too.
> >
> > 1) seems that nfs-common is disabled 'by design'. Looking at Debian
> > changelog:
> >
> > nfs-utils (1:1.2.8-9.1) unstable; urgency=medium
> >
> > Partial sync from ubuntu, included changes:
> >
> > [ Martin Pitt ]
> > [...]
> > * 27-systemd-enable-with-systemctl-statd.patch: let the admin
> > enable/disable statd via systemd tools. (LP: #1428486)
> >
> > [...]
> > [ Andreas Henriksson ]
> > * Restore anything related to nfs-common.init and nfs-common.default
> > * debian/nfs-common.links: Mask nfs-common init script with a symlink
> > to /dev/null to avoid using it under systemd.
> >
> > so seems you have to enable/disable/mask single services. Note that
> > still there are some troubles, e.g. on client:
> >
> > root at vdmpp2:~# systemctl start nfs-idmapd
> > Failed to start nfs-idmapd.service: Unit nfs-server.service not found.
> >
> > (but probably idmap is a server-only service, so it is normal?)
> > and also seems that /etc/default/nfs-common is *totally* ignored
> > (e.g., there's no way to pass options to services).
> >
> > Anyway, now I'm able to restart nfs/rpc services. ;-)
>
> OK, that's at least better.
>
> And no, /etc/default/nfs-common is not ignored. It's just harder to
> see it.
>
> systemctl cat nfs-config
> contains : ExecStart=/usr/lib/systemd/scripts/nfs-utils_env.sh
> And the nfs-utils_env.sh contains :
> [ -r /etc/default/nfs-common ] && . /etc/default/nfs-common
> [ -r /etc/default/nfs-kernel-server ] && . /etc/default/nfs-kernel-server
>
> ;-)
>
> And
> /lib/systemd/system/rpc-svcgssd.service
> Contains: ConditionPathExists=/etc/krb5.keytab
>
> That's all OK.
>
> All I did for the server was systemctl enable nfs-server
> And for the client systemctl enable nfs-client
> After the setup, all other servers start if needed based on the
> settings in /etc/default/nfs-common
> and/or /etc/default/nfs-kernel-server
Hmm, I wonder if 'nfsidmap' is now being used instead of nfs-common?
>
>
> >
> >
> > 2) doing some mounts on the same host, with verbose output, i get:
> >
> > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: Success getting
> > keytab entry for 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT'
> > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: WARNING:
> > Preauthentication failed while getting initial ticket for
> > principal 'nfs/vdmpp1.ad.fvg.lnf.it at AD.FVG.LNF.IT' using
> > keytab 'FILE:/etc/krb5.keytab'
> > Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: ERROR: No credentials
> > found for connection to server vdmpp1.ad.fvg.lnf.it
> >
> > 'Preauthentication'?
> Hmm, that is strange, it looks like this computer account is acting
> like a real user. If I look in ADUC, Tab Account, only a user has the
> option to "disable preauthentication". So this might help in solving
> the problem. Can you check in ADUC if you see the Account tab or not.
> If it's really a computer, you should not see the Account tab.
>
A computer is a user; it just has an extra objectclass and a '$' on the
end of the samAccountName.
Rowland