Craig Huckabee skrev 2014-08-06 17:45:
I had a request from a small group locally that needs to access
their AFS space(s) via a Windows file share - installing the AFS
client on these systems is not an option.
So I started looking into doing this via Samba, using a dedicated
server (RHEL6). I've got normal shares working, using Kerberos
authentication to connect (works from OSX, Windows, etc).
A little research turned up a suggestion of doing something like
this in the smb.conf for AFS shares:
...
root preexec = /usr/bin/aklog -setpag -cell mycell.mil -keytab
/usr/afs/etc/rxkad.keytab -principal %u
...
This almost works but I think I'm running into either PAG issues or
some other weirdness. Testing the connection it appears that
sometimes I get tokens, sometimes I don't. Not sure if I need to
force the smbd into a new PAG on startup.
I did setup a quite well functioning samba gateway for AFS some years
ago. If memory serves correct it worked like this:
- Kerberos auth to smbd (no NTLM auth at all).
- Did not use PAGs on the file server.
- root preexec and kimpersonate was used to get AFS tokens.
I also run into problems with setting the PAG, but since it do not
matter to have it on the file server it could as well be skipped.
-- Ragge
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
