I believe the answer is to add a "static" mapping of some principal name to be "root" locally on the server machine. See the example in the idmap.conf man page (that comes with libnfsidmap). On Tue, Nov 16, 2010 at 2:52 PM, Valentijn Sessink <valentyn@xxxxxxxx> wrote: > Hi, > > Op 16-11-10 19:30, J. Bruce Fields schreef: >>> >>> I found that having "no_root_squash" on the server, having a valid >>> Kerberos ticket for root@DOMAIN, does still not give you root rights on >>> a share. >> >> This is between a linux client and server? > > Yes. Not a really recent one though, must be Ubuntu 10.04 server and client. > >> Are other kerberos principals mapped as you'd expect? > > Yes — it's on our production network, user ID's are mapped without a > problem. While I'm typing this: I did not check what idmapd says; most of > the users are in LDAP, while root is just a local user with a corresponding > local user on the server. Can't think of a reason why this should bar root > from using the share, but I will check that, tomorrow, just to be sure. > > V. > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > > -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
