On Thu, 20 Jun 2013, John Hodrien wrote:
> Is it possible that Samba4 includes a large PAC on the kerberos
> credential and you're going over the limit in kernel?
Well, that is a good avenue to explore. The user that I am testing with
(me) is only in five groups, but nevertheless I will take a further look
at that....
Five minutes later: holy crap! That is it. I took a user in only one
group: permission denied. I set the NO_AUTH_DATA_REQUIRED flag in
userAccountControl (via ldbedit), and hey presto NFSv4+krb5 now works. You
sir are a steely-eyed missile man!
> I'm not convinced your comment about having to run svcgssd on clients is
> enforced due to CentOS init scripts, but it shouldn't cause any bother
> as you say.
No, it doesn't cause any bother. It just seems that the start of both
rpc.gssd and rpc.svcgssd are conditional on SECURE_NFS being set to "yes".
There are no NEED_GSSD or NEED_SVCGSSD or whatever to filter it further.
Thanks,
Steve
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
