Web lists-archives.com

Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...




Marco, 

New idea.. 

For the server part:  man rpc.svcgssd 
Option :  -n 
Use the system default credentials (host/FQDN@REALM) rather than the default nfs/FQDN@REALM.

And the host spn is correct everywhere as far i've seen. 

Add  in /etc/default/nfs-kernel-server 
RPCSVCGSSDOPTS=" -n"


Client Part. 
In conjuction with see: man rpc.gssd 

rpc.gssd searches in the following order for a principal to use.  
The first matching credential is used.  

For the search, <hostname> and <REALM> are replaced with the local system's hostname and Kerberos realm.

          <HOSTNAME>$@<REALM>
          root/<hostname>@<REALM>
          nfs/<hostname>@<REALM>
          host/<hostname>@<REALM>
          root/<anyname>@<REALM>
          nfs/<anyname>@<REALM>
          host/<anyname>@<REALM>


So this should work also. 
Im testing this after my lunch. 


Greetz, 

Louis



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba