[prev in list] [next in list] [prev in thread] [next in thread] 

List:       opensolaris-nfs-discuss
Subject:    [nfs-discuss] NFSv4 with Kerberos and Active Directory
From:       Daniel Uvehag <uvehag () kth ! se>
Date:       2010-07-13 2:19:47
Message-ID: 1746917492.151279012819684.JavaMail.Twebapp () sf-app1
[Download RAW message or body]

Hi

I'm novice at this and I've been trying to solve this myself but so far my attempts \
have been futile. My goal is to have an OpenSolaris host in a heterogeneous \
environment as a storage node, exposing both CIFS and NFS services with Active \
Directory interoperability where Windows Clients connect using CIFS and a few Linux \
hosts use NFSv4 with Kerberos (for security and authentication).

As of now, I have a testing environment up and running with one Windows server (2008 \
R2) configured to be an Active Directory server (with DNS and Kerberos). I've \
successfully joined two OpenSolaris snv_134 hosts to the domain (using smbadm) and \
then configured Kerberos on them (basically setting up /etc/krb5/krb5.conf) and \
everything seems sweet and dandy, except that I seem to have some id mapping problem. \
Both machines are setup to use nss_ad (I believe it's working, "getent passwd" works \
successfully) but everything created on the nfs share is always owned by nfs:nobody.

I've been trying to figure out where the problem lies, I get nothing I can interpret \
using "snoop port nfsd" and I've tried an example DTrace-snippet I found here: \
http://blogs.sun.com/erickustarz/entry/nfsmapid_domain but it is silent.

The NFS domains are equal (checked /var/run/nfs4_domain). The share is exported using \
krb5:krb5i:krb5p and I can browse it and create files.

Any help or pointers to get me closer to my goal is most appreciated.

Thanks in advance

Best regards
uvehag
-- 
This message posted from opensolaris.org
_______________________________________________
nfs-discuss mailing list
nfs-discuss@opensolaris.org


[prev in list] [next in list] [prev in thread] [next in thread]