On Wed, Aug 15, 2012 at 8:10 AM, steve <[email protected]> wrote: > Hi > openSUSE 12.1 > > Our Samba4 DC has a Kerberised NFS mounted share. I need the root user > to be able to write to the share. I can do this with by mounting it with: > no_root_squash,sec=sys > > Is there any way I can do it with: > sec=krb5 > > root has a ticket in /tmp/krb5cc_0 but he always gets permission denied > when the share is mounted krb5, even with the no_root_squash >
You need a ticket for a user with adequate permissions. One way, for example, is to make sure the directory (if you need to create a file) or file (if you need to modify a file) is writable by a group that the ticket's principal is part of. For example, the directory could be writable by group staff and root could be in group staff. An easier solution that doesn't require what is likely to be complex group and mode settings which are changeable by the user, is to simply acquire a ticket as the user. If your samba DC is also the KDC this should be rather trivial. If not, you just need a way to obtain such a ticket. Another solution is to export the share with sys security to the DC. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
