[Samba] Replacing SSSD with just WINBIND for NFSv4

Luc Lalonde Luc.Lalonde at polymtl.ca
Thu Sep 2 18:06:23 UTC 2021 

Hello again,

My mounts are working as described in my earlier posts...

However, I get 'permission denied' when I try to access my home directory.

Here's my config file:

[global]
     workgroup = EXAMPLE
     realm = EXAMPLE.COM
     security = ADS
     kerberos method = secrets and keytab

     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     winbind use default domain = yes
     winbind expand groups = 2
     winbind refresh tickets = Yes
     winbind enum groups = Yes
     winbind enum users = Yes

     idmap config *:backend = tdb
     idmap config *:range = 200-999
     idmap config EXAMPLE:backend = ad
     idmap config EXAMPLE:schema_mode = rfc2307
     idmap config EXAMPLE:unix_nss_info = yes
     idmap config EXAMPLE:range = 1100-999999
     idmap config EXAMPLE:unix_primary_group = yes

     username map = /etc/samba/user.map

I think I'm almost there... Is there something missing with my ID 
mapping?   Do you need to see my /etc/krb5.conf?

Thanks!

On 2021-09-02 10:51 a.m., L.P.H. van Belle via samba wrote:
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>> Rowland Penny via samba
>> Verzonden: donderdag 2 september 2021 16:40
>> Aan: samba at lists.samba.org
>> Onderwerp: Re: [Samba] Replacing SSSD with just WINBIND for NFSv4
>>
>> On Thu, 2021-09-02 at 09:53 -0400, Luc Lalonde via samba wrote:
>>> Hello Louis,
>>>
>>> I'm still getting all the info together but I think that you're
>>> right.
>>>
>>> This directive on the client's configuration should make sure that
>>> unixHomeDirectory is properly passed along to AutoFS:
>>>
>>>> idmap config DOMAIN : unix_nss_info|
>>> I'm going to do some tests and get back to you!
>>>
>>> Thank You!.
>>>
>> I am getting lost here, I thought that autofs, when using NFS, could
>> only mount what the NFS server is exporting and that is fixed i.e. all
>> users will use /path/to/usersdir from the NFS server. This means that
>> you cannot use different paths for different users, or am I missing
>> something ?
>
> If i read it correctly what Luc showed.
>
> Let say i have as homedir : /usagers1/username
> /usagers1/username  Mounts on fs1.example.com:/&
>
> If i change it to /usagers2/username i move to server2
> /usagers2/username   Mounts on fs2.example.com:/&
>
> I never used automount like that, but if it works, i'll document it.
> So i wait for Luc his success message :-))
>
> Where if often goes wrong is the missing SPNs, then a user can mount his homedir
> The quick/dirty fix is root/SPN, but better is nfs/FQ.DN.TLD (@Realm)
>
>
>> I can think of one way around this, but it doesn't involve
>> unixhomedirectory or NFS
> Always ears and open for new ideas :-)
> How would you do this?
>
>
> Greetz,
>
> Louis
>
>
-- 
Luc Lalonde, analyste
-----------------------------
Département de génie informatique:
École polytechnique de MTL
(514) 340-4711 x5049
Luc.Lalonde at polymtl.ca
-----------------------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20210902/01241056/OpenPGP_signature.sig>

More information about the samba mailing list