[CentOS] [Samba] Samba4 and NFSv4

Thu Jun 20 21:44:18 UTC 2013
Steve Thompson <smt at vgersoft.com>

On Thu, 20 Jun 2013, John Hodrien wrote:

> Is it possible that Samba4 includes a large PAC on the kerberos 
> credential and you're going over the limit in kernel?

Well, that is a good avenue to explore. The user that I am testing with 
(me) is only in five groups, but nevertheless I will take a further look 
at that....

Five minutes later: holy crap! That is it. I took a user in only one 
group: permission denied. I set the NO_AUTH_DATA_REQUIRED flag in 
userAccountControl (via ldbedit), and hey presto NFSv4+krb5 now works. You 
sir are a steely-eyed missile man!

> I'm not convinced your comment about having to run svcgssd on clients is 
> enforced due to CentOS init scripts, but it shouldn't cause any bother 
> as you say.

No, it doesn't cause any bother. It just seems that the start of both 
rpc.gssd and rpc.svcgssd are conditional on SECURE_NFS being set to "yes".
There are no NEED_GSSD or NEED_SVCGSSD or whatever to filter it further.

Thanks,
Steve