[Samba] nfs root kerberos
Jason Keltz
jas at eecs.yorku.ca
Thu Nov 12 13:27:24 UTC 2020
On 11/12/2020 8:17 AM, Rowland penny via samba wrote:
> On 11/11/2020 10:54, Jason Keltz via samba wrote:
>> Hi Louis,
>> I've looked into that and I'm not sure how this would be done?
>> By the way, even with your NFS translation fix (which doesn't work
>> for me because gssproxy), do you do this before accessing root files..?
>> sudo root
>> kinit -k 'host$'
>>
> OK, after a bit of a battle, I now have a Centos 7 Unix domain member
> mounting an NFS share from a Devuan NFS4 server.
>
> The actual mount wasn't a problem, it was getting the NFS server to
> work 😮
>
> I used Samba AD DC's for the authentication, a Unix domain member as
> the NFS server and a Centos 7 Unix domain member as the NFS client. I
> did minimal setup on the Centos machine.
Hi Rowland,
The problem wasn't getting NFS to work - it was getting NFS "root"
access to work between a CentOS 7 client and CentOS 7 server (AKA
no_root_squash in /etc/exports).
Finally, after a significant amount of effort, I figured that out last
night.
In my case, I needed to add a realms section for realm AD.EECS.YORKU.CA
and include 2 auth_to_local rules as follows:
[realms]
AD.EECS.YORKU.CA = {
auth_to_local = RULE:[1:$1@$0](J1\$@AD.EECS.YORKU.CA)s/.*/root/
auth_to_local = DEFAULT
}
This allows root on "J1" to "really" be root. Additional of the first
line are required for each system. The DEFAULT line is required. Lots
of fun let me tell ya.
Jason.
More information about the samba
mailing list