[CentOS] [Samba] Samba4 and NFSv4
Steve Thompson
smt at vgersoft.com
Sat Jun 8 19:27:09 UTC 2013
On Thu, 6 Jun 2013, Ritter, Marcel wrote:
> Newer versions of nfs-utils (>= 1.2.4) support the HOSTNAME$ format
> (treated like a UPN) used by Samba/Windows, which makes things easier
> (and could/should work out of the box with a keytab created by samba
> itself).
I have tried creating a Samba4 user object with a suitable UPN using
msktutil on the DC (this is successfully entered into the database):

    # OU=Computers
    # HOST=<short hostname>
    # msktutil -c -b CN=$OU \
        -k nfs-$HOST.keytab \
        --computer-name nfs-$HOST \
        --upn nfs/$HOST.test.cornell.edu \
        --service nfs/$HOST.test.cornell.edu \
        --server `hostname` \
        --dont-expire-password \
        --hostname $HOST.test.cornell.edu \
        --enctypes 0x3

and then importing this keytab into the host's keytab with ktutil (so, not
using "net ads keytab add"). Verified the keytab with klist. Get
permission denied when trying to mount with sec=krb5. Various different
enctypes all get the same result.
I tried also building nfs-utils 1.2.8 from source and installing that on
the NFSv4 server (using the NFSv4 server as a client for this test). All
I get then, no matter what I put in the keytab, is:

    rpc.gssd[1679]: ERROR: GSS-API: error in gss_set_allowable_enctypes(): GSS_S_BAD_MECH
    (An unsupported mechanism was requested) - Unknown error

The build of nfs-utils (via rpmbuild) appeared clean but I suspect that
there may be something wrong with it. Still using the 2.6.32-358.6.2.el6
kernel.
I tried the workaround suggested in:
https://bugzilla.redhat.com/show_bug.cgi?id=720479
just in case, but it made no difference.
Running out of ideas!
-Steve
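
The keytab check mentioned in the message above (what klist -ke reports), as an added example that is not part of the original post: a small reader for the MIT keytab file format, version 0x0502, that lists each entry's principal, kvno and enctype. The sample keytab, realm and host name are constructed; msktutil's --enctypes 0x3 selects the two single-DES types, which a keytab stores as enctypes 1 and 3.

```python
import struct
# Kerberos enctype numbers as stored in keytab entries.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "arcfour-hmac"}

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] for an MIT keytab, version 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:              # negative size marks a deleted slot: skip it
            pos -= size
            continue
        rec, off = data[pos:pos + size], 0
        pos += size
        def counted(off):          # 16-bit length followed by that many bytes
            (n,) = struct.unpack_from(">H", rec, off)
            return rec[off + 2:off + 2 + n].decode(), off + 2 + n
        (ncomp,) = struct.unpack_from(">H", rec, off)
        realm, off = counted(off + 2)
        comps = []
        for _ in range(ncomp):
            comp, off = counted(off)
            comps.append(comp)
        off += 8                   # skip name type and timestamp (4 bytes each)
        kvno, etype, klen = struct.unpack_from(">BHH", rec, off)
        off += 5 + klen            # 8-bit kvno, enctype, key length, key bytes
        if len(rec) - off >= 4:    # optional 32-bit kvno, used when nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm, kvno,
                        ENCTYPES.get(etype, "etype-%d" % etype)))
    return entries

def make_entry(realm, comps, kvno, etype, key):  # builds the constructed sample only
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype) + s(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: two DES entries (all-zero keys) with a deleted slot between them.
PRINC = [b"nfs", b"client1.example.test"]
SAMPLE = (b"\x05\x02" + make_entry(b"EXAMPLE.TEST", PRINC, 2, 1, bytes(8))
          + struct.pack(">i", -6) + bytes(6)
          + make_entry(b"EXAMPLE.TEST", PRINC, 2, 3, bytes(8)))

if __name__ == "__main__":
    print(parse_keytab(SAMPLE))
```

To read a real file, pass parse_keytab() the bytes of the keytab; a truncated record raises struct.error.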