Hi, I'm currently attempting to setup a Linux Samba and Kerberized NFS server using a Windows 2008 R2 Domain controller as a KDC and I've run into an issue.
Currently I can make Kerberized NFS or Samba fileserving work but not both at the same time. Specifically: The Linux kerberized NFS daemon (rpc.svcgssd) appears to only be able to deal with service tickets up to a certain size. Active Directory adds a PAC to service tickets which makes them much larger than they otherwise would be. In order to work around this I've added 'NO_AUTH_DATA_REQUIRED' to the UserAccountControl attribute on the machine account in AD (as per this Microsoft KB article http://support.microsoft.com/kb/832572). This enables kerberized NFS to work correctly but appears to break the Samba authentication. Output from the samba logs initially looks promising [2012/02/20 07:37:33.548998,3] libads/kerberos_verify.c:678(ads_verify_ticket) libads/kerberos_verify.c:678: did not retrieve auth data. continuing without PAC but then degenerates from there. Is it possible to make Samba work in this configuration? The clients are running Windows 7 and I'm using Samba 3.6.1. Thanks Don -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
