[CentOS] [Samba] Samba4 and NSFv4
Steve Thompson
smt at vgersoft.com
Tue Jun 11 17:38:38 UTC 2013
On Sat, 8 Jun 2013, Steve Thompson wrote:
> Running out of ideas!
Well, I managed to solve this one. It turned out to be nothing to do with
Samba4, nor the version of nfs-utils (1.2.3-36) or the version of the
kernel (2.6.32-358.6.2.el6) on the NFS server and client. It was in the
/etc/exports file; I was exporting /mnt/exports (the NFSv4 root with
fsid=0) with sec=sys:krb5 and /mnt/exports/data (a file system), also with
sec=sys:krb5, but also /mnt/data (the real file system, which is
bind-mounted on to /mnt/exports/data), this time without specifying sec=.
The latter was as a service to clients using NFSv3. It transpired that by
adding sec=sys:krb5 to the latter export, the NFSv4+krb5 mounts all
started working. I could argue that this is a bug, but whatever, it is now
working.
Notes:
* allow_weak_crypto=yes is REQUIRED in krb5.conf for this software version
combo.
* a separate user object is REQUIRED with the UPN nfs/fqdn. I add this
using msktutil on the client when the client is joined to the domain.
Using "net ads keytab add nfs" is NOT sufficient, since it adds an
SPN and not a UPN.
Steve
More information about the CentOS
mailing list