/me cringes...
On 151a...I wonder if my problem will go away if I actually dist-upgrade...
Oh well, come Monday I shall know.
On Wednesday, December 14, 2011 01:57 PM, [email protected] wrote:
On OI 151a, the canonical name works fine for mapping the shares, but FQDN
does not. Perhaps, the bug was not fixed in OI, unlike in Nextena, as you
suggested.
On Wednesday, December 14, 2011 09:17 AM, Patrick O'Sullivan wrote:
I found that issue: https://www.illumos.org/issues/1087
However, that issue itself is that certain modes of access try to force
Kerberos auth, not that Kerberos auth itself is broken.
Do you know if the Kerberos auth issue was fixed or if they made
accessing \\servername.fqdn work like \\servername (i.e. using pass
through auth)?
No idea as I am not a Nexenta customer. The details appear to be on the
Nexenta bug tracking system.
My problem is that accessing \\servername does not work but \\serverip
does...
Googling for the Nexenta support number doesn't turn anything up.
On Dec 13, 2011, at 7:44 PM, Christopher
Chan<[email protected]> wrote:
There is an illumos issue on this I think: #1087. A fix is available
but I don't know if it has been applied to the illumos 151 tree and
whether OI has packaged that.
On Wednesday, December 14, 2011 08:18 AM, Patrick O'Sullivan wrote:
Question for the group at large:
Was true Kerberos support for CIFS ever added? It's tough to tell
because the old OpenSolaris documentation/bug tracking has been
largely taken down.
Here's one of the old references I can find:
http://arc.opensolaris.org/caselog/PSARC/2009/673/20091209_natalie.li
Alexei,
If you read that, you'll see that as of when it was written, the CIFS
service could do pass through auth but not true Kerberos auth. Maybe
pass through is working for members of ADS.DOMAIN.EDU but not for
KRB.REALM.EDU as those users are not part of ADS.DOMAIN.EDU. Maybe
some packet captures would help see what the flow actually looks like?
On Dec 12, 2011, at 10:08 PM, [email protected] wrote:
Greetings,
I'm trying to set OpenIndiana 151a as a storage server, ZFS/CIFS, in
a
cross Realm/Domain trust infrastructure. Namely, I have an MIT
Kerbreros 5
server, providing realm KRB.REALM.EDU, and an Active Directory
Windows
2003 server, providing domain ADS.DOMAIN.EDU, set with cross
DOMAIN/REALM
two-way trust.
The OpenIndiana ZFS/CIFS server is added to the domain,
ADS.DOMAIN.EDU, and
allows mapping shares onto Windows 7 desktops in the domain for the
domain
users, for example [email protected].
However, the user who logins to the same desktop as the realm user,
such
as [email protected], appears to ZFS/CIFS server as Guest and can
not
map the shares unlike the domain users.
However, my NetApp filer, which also operates in ADS.DOMAIN.EDU, has
no
problem mapping the shares for both the domain and the realm
accounts.
Is there any limitation in ZFS/CIFS on OpenIndiana 151a that
disallows
access to the shares in the cross Domain/Realm two-way trust case?
Any of your recommendations and advices would be appreciated.
Thanks,
Alexei
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
OpenIndiana-discuss mailing list
[email protected]
http://openindiana.org/mailman/listinfo/openindiana-discuss
