Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
- Date: Mon, 29 Oct 2018 18:24:40 +0100
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
A quick reply,
Since there is a major traffic jam here, still at the office, but its resolving now..
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> Marco Gaiarin via samba
> Verzonden: maandag 29 oktober 2018 17:33
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...
> Mandi! L.P.H. van Belle via samba
> In chel di` si favelave...
> > > samba-tool spn add nfs/vdmpp1.ad.fvg.lnf.it vdmpp1$
> > > strange.
> > Yes, it is, what is the DC's samba version? Same as the members?
> No. DS are still on 4.5.
Hm, ok, i would preffer 4.8, but it should work also.
I think the wrong spn is coming from the 4.5 line, but not 100% sure.
> > if you cant setup in the dns correct and you need the hosts
> files for both server and client.
> > And on both servers add in /etc/krb5.conf in libdefaults part.
> > rdns = no
> > # no PTR lookups are done now.
> Ok, done that seems that at least 'sec=sys' mount now work. WOW!
> Probably is not due to rdns, but by the fact that:
> > Ok this part, check again after the reboot, i forget the -v
> for the exportfs... ( sorry )
> > exportfs -v
> Now i've:
> root@vdmpp1:~# exportfs -v
> but i've had sec=krb5 only, so... O;-)))
Ok, so sys works, this confirms a problem with detecting the nfs spns.
> > Remove the one with NFS.
> OK. But server is in production, so... how can i do that, without
> deinstalling and reinstalling all the stuff?
I'll think a bit about this for you so you can fix it without removeing it all.
I'll re-read the thread again tomorrow and let you know.
> I've stopped and run by hand /usr/sbin/rpc.gssd with '-vvv'
> and /usr/sbin/rpc.svcgssd
> with '-vvv -p nfs/vdmpp1.ad.fvg.lnf.it' (/etc/default/nfs-* parameters
> variables seems are ignored) and still /usr/sbin/rpc.svcgssd write no
> log, and thsi seeems strage o me...
Wel, the sys option is not kerberize so seems logical to me you dont see thing in the log now.
> dott. Marco Gaiarin GNUPG
Sofar, until tomorrow,
To unsubscribe from this list go to the following URL and read the