Re: [Samba] Using GPO to mount shares on Linux
- Date: Wed, 11 Oct 2017 16:52:29 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Using GPO to mount shares on Linux
Wohoo, finaly i could help Rowland :-p ;-)
I follow this as guidance:
1 server ( all in one ) use RID, easy to setup etc, but .. If you go to ... Or have plans to..
2 servers ( DC + a member )
use backend RID if you dont need access with a windows account to a shared home folder. ( cifs or nfs )
you use a dedicated local "linuxAdmin" for maintanace. ( often the first created user in linux )
use backend AD if you do need access with ssh for example or shared homefolders.
3 server or more, all server where ssh or access to a server with a shared folder is needed, use backend AD.
adviced is all servers with file shares.
Optional, mix this with RID, for example for a dedicated print server, or proxy server (auth).
I use setup 3.
Multiple servers with AD and RID mixed on the members, based on function.
A NFS pointer is.
Make sure you set you home folder 755, kerberos ( MIT ), lookf or .klogin in the home dir.
If the setup is to tight this fails. ( workaround: disable .klogin checking in krb5.conf )
And nfs/hostname.FQDN needs to be added to HOSTNAME$ where its needed.
For Cifs. You may need to add these lines in krb5.conf cifs uses them nfs not.
; for Windows 2008 with AES
default_tgs_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
Now here, if you see, Required keys not available, no matter what you do
Then you probley are missing these line in krb5.conf.
The source i use for above info :
Its a .nl domain but its in english ;-) and contains still good info.
Just beware its based on debian squeeze.
And a handy to know.
To unsubscribe from this list go to the following URL and read the