On Tue, Jan 28, 2014 at 11:38 AM, Matt Garman <matthew.garman@gmail.com> wrote:
>> Here you may not realize you're distinguishing between authentication and
>> authorization.
>
> Yeah, I forgot to mention that we already have Kerberos in place for authentication. It's authorization that is currently done by hand and checked with a manual script. (I needed that for the secure mount options NFSv4 provides.)

What is it that your scripts tweak? I have a small setup using Kerberos against an AD for authentication, but the Linux servers have their own passwd files for the small subset of users there. /home is shared from one server to all of the others in the set. This worked when initially set up with matching users (w/ matching uids), but when I added new ones, NFSv4 mapped them to 'nobody' until I rebooted the clients. Restarting nfs and/or idmapd didn't help. Is there some way to make added users work?