[Samba] nfs root kerberos

Jason Keltz jas at eecs.yorku.ca
Thu Nov 12 13:27:24 UTC 2020


On 11/12/2020 8:17 AM, Rowland penny via samba wrote:
> On 11/11/2020 10:54, Jason Keltz via samba wrote:
>> Hi Louis,
>> I've looked into that and I'm not sure how this would be done?
>> By the way, even with your NFS translation fix (which doesn't work 
>> for me because gssproxy), do you do this before accessing root files..?
>> sudo root
>> kinit -k 'host$'
>>
> OK, after a bit of a battle, I now have a Centos 7 Unix domain member 
> mounting an NFS share from a Devuan NFS4 server.
>
> The actual mount wasn't a problem, it was getting the NFS server to 
> work 😮
>
> I used Samba AD DC's for the authentication, a Unix domain member as 
> the NFS server and a Centos 7 Unix domain member as the NFS client. I 
> did minimal setup on the Centos machine. 

Hi Rowland,

The problem wasn't getting NFS to work - it was getting NFS "root" 
access to work between a CentOS 7 client and CentOS 7 server  (AKA 
no_root_squash in /etc/exports).

Finally, after a significant amount of effort, I figured that out last 
night.

In my case, I needed to add a realms section for realm AD.EECS.YORKU.CA 
and include 2 auth_to_local rules as follows:

[realms]
   AD.EECS.YORKU.CA = {
     auth_to_local = RULE:[1:$1@$0](J1\$@AD.EECS.YORKU.CA)s/.*/root/
     auth_to_local = DEFAULT
   }

This allows root on "J1" to "really" be root.  Additional of the first 
line are required for each system.  The DEFAULT line is required.   Lots 
of fun let me tell ya.

Jason.




More information about the samba mailing list