Kerberized NFS root user access

steve steve at steve-ss.com
Wed Aug 15 13:09:48 EDT 2012


On 15/08/12 17:27, Alexander Luedtke wrote:
> Hi Steve,
>
> no, thats becouse u need a ticket to get into the user directory.
> even if u make an su -  <username> as root, u wont get into his
> homedirectory without the right user ticket - that what it is designded
> for, to
> protect the userdirectories.
>
> So only solution is to move the Samba Server to the same file server as
> the NFS server is.
>
> greetings
>
>   Alex
>
> Am 15.08.12 17:10, schrieb steve:
>> Hi
>> openSUSE 12.1
>>
>> Our Samba4 DC has a Kerberised NFS mounted share. I need the root user
>> to be able to write to the share. I can do this with by mounting it with:
>> no_root_squash,sec=sys
>>
>> Is there any way I can do it with:
>> sec=krb5
>>
>> root has a ticket in /tmp/krb5cc_0 but he always gets permission denied
>> when the share is mounted krb5, even with the no_root_squash
>>
>> Cheers,
>> Steve
>>
>> ________________________________________________
>> Kerberos mailing listKerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>
Hi
The Samba4 guys do not recommend the DC and the filer be one and the 
same box:( For this reason I am trying to find a way of separating the 
two without losing the krb5 security but at the same time be able to 
write and setup and delete user accounts. This means that I must have 
write access to the NFS mounted /home directories on the DC.
Cheers,
Steve



More information about the Kerberos mailing list