
Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...


A quick reply,
Since there is a major traffic jam here, I'm still at the office, but it's resolving now.

> -----Original message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On behalf of
> Marco Gaiarin via samba
> Sent: Monday 29 October 2018 17:33
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
> Hello! L.P.H. van Belle via samba
>   On that day it was said...
> > > 	samba-tool spn add nfs/vdmpp1.ad.fvg.lnf.it vdmpp1$
> > > strange.
> > Yes, it is, what is the DC's samba version? Same as the members? 
> No. DS are still on 4.5.
Hm, ok, I would prefer 4.8, but it should work also.
I think the wrong spn is coming from the 4.5 line, but not 100% sure.

> > if you can't set up the DNS correctly, you need the hosts
> > files for both server and client.
> > And on both servers add in /etc/krb5.conf  in libdefaults part. 
> > rdns = no
> > # no PTR lookups are done now. 
> Ok, done; it seems that at least the 'sec=sys' mount now works. WOW!
> Probably it is not due to rdns, but to the fact that:
> > Ok this part, check again after the reboot, I forgot the -v
> > for the exportfs...  ( sorry )
> > exportfs -v 
> Now I have:
>  root@vdmpp1:~# exportfs -v
>  /home         	
> b5,rw,secure,root_squash,no_all_squash)
> but I've had sec=krb5 only, so... O;-)))

Ok, so sys works, this confirms a problem with detecting the nfs spns. 

> > Remove the one with NFS. 
> OK. But the server is in production, so... how can I do that, without
> uninstalling and reinstalling all the stuff?
I'll think a bit about this for you so you can fix it without removing it all.
I'll re-read the thread again tomorrow and let you know. 

> I've stopped and run by hand /usr/sbin/rpc.gssd with '-vvv'
> and /usr/sbin/rpc.svcgssd
> with '-vvv -p nfs/vdmpp1.ad.fvg.lnf.it' (the /etc/default/nfs-* parameter
> variables seem to be ignored) and still /usr/sbin/rpc.svcgssd writes no
> log, and this seems strange to me...

Well, the sys option is not kerberized, so it seems logical to me that you don't see anything in the log now.

> -- 
> dott. Marco Gaiarin				        GNUPG 

So far, until tomorrow,


