I haven't done it, but I think it works if you have idmapping set up correctly. That is, if the idmapper domain is correct, then the client will send "root@DOMAIN" and the idmapd on the ganesha server will convert that to UID 0.
Daniel On Thu, Feb 8, 2018 at 6:45 PM, Pradeep <pradeeptho...@gmail.com> wrote: > Hello, > > It looks like Ganesha converts certain principals to UID/GID 0 > (idmapper.c:principal2uid()). I noticed that when a client uses kerberos > with AD, the default principal is <user>@<domain>. So when NFS operations > are tried with root on client, it sends the principal in <user>@<domain> > format which will not be mapped to UID/GID 0 on Ganesha side. > > Have anyone successfully used privileged access to NFS exports with > Kerberos/AD with Ganesha server? If yes, could share how you were able to > achieve that? > > Thanks, > Pradeep > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Nfs-ganesha-devel mailing list > Nfs-ganesha-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Nfs-ganesha-devel mailing list Nfs-ganesha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel
