On Thu, 2013-06-20 at 17:44 -0400, Steve Thompson wrote:
> On Thu, 20 Jun 2013, John Hodrien wrote:
> Five minutes later: holy crap! That is it. I took a user in only one
> group: permission denied. I set the NO_AUTH_DATA_REQUIRED flag in
> userAccountControl (via ldbedit), and hey presto NFSv4+
On Thu, 20 Jun 2013, John Hodrien wrote:
Is it possible that Samba4 includes a large PAC on the kerberos
credential and you're going over the limit in kernel?
Well, that is a good avenue to explore. The user that I am testing with
(me) is only in five groups, but nevertheless I will take a fu
On Thu, 20 Jun 2013, steve wrote:
Nobody agrees with anything for nfs4, so don't worry!
:) And boy oh boy is there a lot of just plain nonsense out there!
Ok, that narrows it down to kerberos I suppose. What does the mount look
like:
rpc.gssd -fvvv
and the idmapping:
rpc.idmapd -fvvv
Apart
On Thu, 2013-06-20 at 16:57 -0400, Steve Thompson wrote:
> On Thu, 20 Jun 2013, steve wrote:
>
> Thanks for your reply! I am really pulling my hair out over this one, and
> I don't have that much left :(
>
> > What do you have in /etc/idmapd.conf
>
> The content of this file is correct as far a
On Thu, 20 Jun 2013, steve wrote:
Thanks for your reply! I am really pulling my hair out over this one, and
I don't have that much left :(
What do you have in /etc/idmapd.conf
The content of this file is correct as far as I understand it, as it works
with NFSv3 and NFSv4 with sec=sys:
[G
On Thu, 2013-06-20 at 15:21 -0400, Steve Thompson wrote:
> mount -t nfs4 -o sec=krb5 :/data /mnt
What do you have in /etc/idmapd.conf
What does ps aux | grep rpc give?
Can the user browse using nfs3?
mount -t nfs3 -o sec=krb5 :/data /mnt
Have a look at the gotchas. There's loadsa wrong info abut
On Fri, 14 Jun 2013, Steve Thompson wrote:
I still have an issue with user access to the NFSv4 mount, and a
workaround for it, but that's for another time.
And now is another time (but I am at the point on giving up on this for
now, as it has become a large consumer of time).
To reiterate,