Hi,

I'm reading documentation about Kerberos and NFS and getting this stuff working together, but I'm questioning myself a bit about a particular situation.

I have workstations in dual boot: Windows is attached to an Active Directory, and Ubuntu does user authentication against the Active Directory domain controllers through Kerberos. Then, I have a NetApp filer which serves CIFS shares and NFSv4 shares. I would like a static NFS mount, for example /home/students; then, when a student logs in to the workstation, he uses his Kerberos auth/ticket to get authorisation to read/write the NFS share and his home dir, i.e. /home/students/johndoe.

It works like a charm on a Linux system which has been added to the AD with the tool msktutil. But, in a dual-boot situation, msktutil rewrites the workstation keytab/password and then Windows can't reauth itself to the domain. And I don't want to trash my AD with multiple host accounts or a user account for a Linux host.

A thread in this group talks about a solution to this problem. It uses the same password for the Linux and Windows attachments to the AD Kerberos realm. But I was looking at a different solution, which consists of building a different realm (Unix MIT, for example) which could be used to authenticate the nfs/ and host/ roles of the Linux system, with the Active Directory authenticating Windows systems and users.

Is there a way, through cross-realm configuration, to get that working? I thought about an inter-realm configuration between my two realms (MIT, for example, and the AD one). But as the NetApp filer can't be configured with multiple realms for the NFS service, I don't see how it could work.

Where am I wrong? What could be a pretty solution to my problem?

Thank you for your advice.
