Hi
12.1
Our Samba4 DC has a Kerberised NFS mounted share. I need the root user to be able to write to the share. I can do this by mounting it with: no_root_squash,sec=sys
Is there any way I can do it with: sec=krb5?
root has a ticket in /tmp/krb5cc_0 but he always gets permission denied when the share is mounted krb5, even with the no_root_squash
Thanks, L x
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
Hi,
On Wed, Aug 15, 2012 at 05:13:14PM +0200, lynn wrote:
> Our Samba4 DC has a Kerberised NFS mounted share. I need the root user to be able to write to the share. I can do this by mounting it with: no_root_squash,sec=sys
> Is there any way I can do it with: sec=krb5?
> root has a ticket in /tmp/krb5cc_0 but he always gets permission denied when the share is mounted krb5, even with the no_root_squash
I never used NFS with Kerberos, but a quick search with Google yielded:
http://users.ece.cmu.edu/~allbery/lambdabot/logs/kerberos/2008-07-19.txt
HTH!
--
Bye, Stephan Barth
SUSE Technical Services - SUSE LINUX GmbH
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer
HRB 21284 (AG Nürnberg)
Maxfeldstr. 5, D-90409 Nuremberg
On 21/08/12 05:44, Stephan Barth wrote:
> Hi,
> On Wed, Aug 15, 2012 at 05:13:14PM +0200, lynn wrote:
>> Our Samba4 DC has a Kerberised NFS mounted share. I need the root user to be able to write to the share. I can do this by mounting it with: no_root_squash,sec=sys
>> Is there any way I can do it with: sec=krb5?
>> root has a ticket in /tmp/krb5cc_0 but he always gets permission denied when the share is mounted krb5, even with the no_root_squash
> I never used NFS with Kerberos, but a quick search with Google yielded:
> http://users.ece.cmu.edu/~allbery/lambdabot/logs/kerberos/2008-07-19.txt
> HTH!
Hi
Thanks. rpc.gssd -n seems to help, but only for the first nfs access. I have a ssh workaround where I access the server instead of mounting the share so that's good enough until I can investigate further.
L x
lynn wrote:
> I need the root user to be able to write to the share.
Very bad idea.
> I have a ssh workaround where I access the server instead of mounting the share
Better idea.
Google for the whys and wherefores and consider changing your system design instead of opening a root hole.
On 21/08/12 11:03, Dave Howorth wrote:
> lynn wrote:
>> I need the root user to be able to write to the share.
> Very bad idea.
>> I have a ssh workaround where I access the server instead of mounting the share
> Better idea.
> Google for the whys and wherefores and consider changing your system design instead of opening a root hole.
Hi Dave
Are you saying that the second idea is better than the first or that using google is a better idea?
OK. Give us a clue. I need to be able to create home directories for new users. On all the systems I've come across, only root has been able to do that. Please point me in the right direction. I should add that Kerberos is in the mix too which makes things pretty impenetrable I think.
Thanks, L x
lynn wrote:
> On 21/08/12 11:03, Dave Howorth wrote:
>> lynn wrote:
>>> I need the root user to be able to write to the share.
>> Very bad idea.
>>> I have a ssh workaround where I access the server instead of mounting the share
>> Better idea.
>> Google for the whys and wherefores and consider changing your system design instead of opening a root hole.
> Hi Dave
> Are you saying that the second idea is better than the first or that using google is a better idea?
The former.
> OK. Give us a clue.
Google is the clue.
On Tue, 2012-08-21 at 11:02 +0100, Dave Howorth wrote:
> lynn wrote:
>> On 21/08/12 11:03, Dave Howorth wrote:
>>> lynn wrote:
>>>> I need the root user to be able to write to the share.
>>> Very bad idea.
Maybe, maybe not. The option you want in exports is no_root_squash.
/data/docs *.mycompany.com(ro,root_squash)
>>>> I have a ssh workaround where I access the server instead of mounting the share
>>> Better idea.
Seems pretty much the same to me.
>>> Google for the whys and wherefores and consider changing your system design instead of opening a root hole.
>> OK. Give us a clue.
> Google is the clue.
Google is a massive time sink of sifting through loads of crap; when the question could just be answered via the list.
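Added example (not part of the thread and not any poster's code): a small Python check over /etc/exports syntax that lists the entries where client root is not squashed, and separates exports that accept sec=sys from Kerberos-only ones. The sample exports, hosts and paths are constructed, and the HIGH/REVIEW labels are this example's own.

```python
import re

# Constructed sample in /etc/exports syntax; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# home directories for the openSUSE clients
/home       *.example.org(rw,sec=krb5)
/home       dc.example.org(rw,no_root_squash,sec=sys)
/data/docs  *.example.org(ro,root_squash)
/srv/admin  dc.example.org(rw,no_root_squash,sec=krb5:krb5i)
"""

CLIENT_RE = re.compile(r"(\S+?)\(([^)]*)\)")  # client(opt,opt,...)


def parse_exports(text):
    """Yield (path, client, options) for every client entry."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments
        if len(parts) < 2:
            continue
        path, rest = parts
        for client, opts in CLIENT_RE.findall(rest):
            yield path, client, [o.strip() for o in opts.split(",") if o.strip()]


def audit(text):
    """Report entries where uid 0 from the client is not squashed."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" not in opts:
            continue  # exports(5) default is root_squash
        flavors = ["sys"]  # exports(5) default when no sec= is given
        for opt in opts:
            if opt.startswith("sec="):
                flavors = opt[4:].split(":")
        if "sys" in flavors:
            level, why = "HIGH", "AUTH_SYS: server trusts the uid sent by the client"
        else:
            level, why = "REVIEW", "Kerberos only: depends on the server's principal mapping"
        access = "rw" if "rw" in opts else "ro"  # ro is the default
        findings.append((level, path, client, access, flavors, why))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding, sep=" | ")
```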
On 21/08/12 15:44, Adam Tauno Williams wrote:
> On Tue, 2012-08-21 at 11:02 +0100, Dave Howorth wrote:
>> lynn wrote:
>>> On 21/08/12 11:03, Dave Howorth wrote:
>>>> lynn wrote:
>>>>> I need the root user to be able to write to the share.
>>>> Very bad idea.
> Maybe, maybe not. The option you want in exports is no_root_squash.
> /data/docs *.mycompany.com(ro,root_squash)
>>>>> I have a ssh workaround where I access the server instead of mounting the share
>>>> Better idea.
> Seems pretty much the same to me.
>>>> Google for the whys and wherefores and consider changing your system design instead of opening a root hole.
>>> OK. Give us a clue.
>> Google is the clue.
> Google is a massive time sink of sifting through loads of crap; when the question could just be answered via the list.
Hi everyone.
Maybe I should explain a little more. I have a Samba4 DC on one box and a Samba3 (for m$ boxes) and NFS file server (for openSUSE boxes) on another. When I create a new user on the DC, I want to be able to prepare the home directory I have specified in LDAP on the file server. To be able to do that, I could create the user account on the DC and then physically move to the fileserver and create his home directory that way. But hey. . . As far as I can see, the only user who has access to the directories where I need to create is root. The nfs and ssh examples are the other two alternatives I've come up with. If you know a better way than any of these three methods then please share them. As Adam says, it's time consuming and many of the Kerberized NFS articles out there are either wrong and/or outdated.
Thanks, L x
participants (4): Adam Tauno Williams, Dave Howorth, lynn, Stephan Barth