Re: [Samba] Samba4 and NFSv4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 11 Jun 2013, Steve Thompson wrote:

> * allow_weak_crypto=yes is REQUIRED in krb5.conf for this software version
>   combo.
> * a separate user object is REQUIRED with the UPN nfs/fqdn. I add this
>   using msktutil on the client when the client is joined to the domain.
>   Using "net ads keytab add nfs" is NOT sufficient, since it adds an
>   SPN and not a UPN.

Aw crap, I hate it when I do that. It turns out that allow_weak_crypto=yes 
is NOT required at all, provided that the nfs/fqdn UPN that is created 
supports the necessary enctypes. I original had --enctypes=0x3 when I 
created the UPN with msktutil; by recreating the UPN without using 
--enctypes at all, allow_weak_crypto=yes is no longer needed on either 
client or server, and NFSv4 mounts work just fine with everything 
essentially stock. It is still true that a UPN must be created, and "net 
ads keytab add" is not sufficient. This is with a Samba4 domain, btw.

I still have an issue with user access to the NFSv4 mount, and a 
workaround for it, but that's for another time.

Steve
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux