[Samba] Kerberized-nfs4 home-dir stopped working
Rowland Penny
rpenny at samba.org
Tue Jun 21 10:32:24 UTC 2022
On Tue, 2022-06-21 at 22:01 +1200, Andrew Bartlett via samba wrote:
>
>
> On Tue, 2022-06-21 at 11:56 +0200, Kees van Vloten wrote:
> > Hi Andrew,
> >
> > I did set "ms-DS-MachineAccountQuota: 0" and indeed only admins
> > create users. Is that a sufficient mitigation for the Dollar
> > Ticket attack?
> Yes. Thankfully no support for ms-DS-MachineAccountQuota in samba,
> and
> if I have anything to do with it, it will be de-fanged entirely if it
> ever comes along.
Apparently, you are not allowed to make statements like that :-D
> >
> > The other thing is I have smb-filesharing for Windows clients
> > and
> > nfs-filesharing for Linux clients, currently on separate sub-
> > trees
> > to avoid issues. I would like to consolidate those to one
> > technology, smb-filesharing.
> >
> > But I do have some questions:
> >
> >
> >
> > Do I need the unix-extensions for Linux clients (I have
> > disabled < smb3, i.e. cannot use unix-extensions at the
> > moment)?
> > Are there any thoughts about sharing a home-dir between
> > Windows and Linux, currently nfs-home is at /home/<user>
> > and smb (windows) home-dir is somewhere else?
> > Is pam_mount the way to go to mount the smb-homedir at login?
> > I could not find much on the Wiki.
> >
> >
> >
> >
>
>
> I'll let others answer on these.
>
> There is work ongoing to add back a safe set of unix extensions, but
> you can't use them right now. In the meantime the clients muddle
> along
> as best they can using 'normal' SMB2/3 features. It might work
> enough
> for you.
>
> Andrew Bartlett
I have 'played' with mounting a users home directory on a directory and
then used rsync to sync the users homedir with the mount (I couldn't
get mounting the share over '/home/$USERNAME' to work). This is, in a
way, better than the Windows way, you do not drag MB's of data across
the network.
Rowland
More information about the samba
mailing list