Kerberos contexts - definition?
steve
steve at steve-ss.com
Mon Aug 27 15:49:18 EDT 2012
On 27/08/12 20:59, Derek Warren wrote:
> Thank you for the insightful responses, Russ, Nico and Steve.
>
>
>
> On 2012-08-27, at 10:59 AM, steve at steve-ss.com wrote:
>> For us, nfs4 with a Samba4 AD, gssd fails when it can't find e.g. a
>> machine key in (by default) /etc/krb5.keytab
>
> Thank you, Steve. My previous diatribe shows that _all_ of those
> principals are present in /etc/krb5.keytab on the NFS server and client.
>
> Interesting that the only obvious differences here are that your setup
> works and doesn't contain any Microsoft products...
>
> Are you using Samba4 to do AD<->UID/GID mapping as well?
>
Hi
Yes. All our rfc2307 comes from Samba4 but I think 2008r2 should work
too because we use the same schema. We pull uidNumber:gidNumber on both
the DC and the Linux clients using nss-pam-ldapd.
BTW, does mounting with Kerberized nfs3 work? It may help narrow down
the problem.
Cheers,
Steve
More information about the Kerberos
mailing list