On 2012-01-28 18:41, steve wrote:
> On 28/01/12 12:21, steve wrote:
>> On 28/01/12 11:03, Gémes Géza wrote:
> Summary:
>
> 1. kerberized /etc/exports
> /export gss/krb5(rw,fsid=0,insecure,no_subtree_check,async)
> /export/home gss/krb5(rw,nohide,insecure,no_subtree_check,async)
> then:
> mount -t nfs4 hh3:/home /mnt -o sec=krb5
> no write access
>
> 2. conventional /etc/exports
> /export *(rw,fsid=0,insecure,no_subtree_check,async)
> /export/home *(rw,nohide,insecure,no_subtree_check,async)
> then:
> mount -t nfs4 hh3:/home /mnt
> write access OK
>
> 3. kerberized variation on /etc/exports
> /export *(rw,fsid=0,crossmnt,insecure,no_subtree_check,async,sec=krb5)
> /export/home *(rw,insecure,no_subtree_check,async,sec=krb5)
> then:
> mount -t nfs4 hh3:/home /mnt -o sec=krb5
> no write access
>
> I have tried all combos of crossmnt and nohide
>
> idmapd seems to be mapping correctly and id <user> gives what getent
> gives
>
> Any ideas? Why does the kerberized mount not allow rw access?
> Steve
>
> Geza, do you think it's worth sticking this on samba technical?

To me it seems an nfs4-related problem, so no, samba-technical is not the right place to ask.

In the meantime, please tell us a little more about your environment:

- pam config
- idmapd config
- klist (of user) right after login, before trying to do anything on nfs, and after (e.g. an ls)

I'm not an nfs4 expert myself, but before migrating (a few years ago) to openafs I had a working nfs4 gss/krb5 setup (it just kernel-panicked every other day, until I got fed up and migrated away from it); maybe I can remember.

Regards

Geza
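
An added example, not part of the original message or of any project's code: a small Python audit of the three /etc/exports variants quoted above, reporting which security flavor each entry requests and flagging the settings a reviewer would question. The function names `parse_exports` and `audit` are hypothetical, and the script does not diagnose the write-access problem.

```python
import re

# The three /etc/exports variants quoted in the message (wrapped line rejoined).
EXPORTS = {
    1: "/export gss/krb5(rw,fsid=0,insecure,no_subtree_check,async)\n"
       "/export/home gss/krb5(rw,nohide,insecure,no_subtree_check,async)\n",
    2: "/export *(rw,fsid=0,insecure,no_subtree_check,async)\n"
       "/export/home *(rw,nohide,insecure,no_subtree_check,async)\n",
    3: "/export *(rw,fsid=0,crossmnt,insecure,no_subtree_check,async,sec=krb5)\n"
       "/export/home *(rw,insecure,no_subtree_check,async,sec=krb5)\n",
}
ENTRY = re.compile(r"(\S+?)\(([^)]*)\)")       # client(opt,opt,...)
GSS_CLIENT = re.compile(r"^gss/(krb5[ip]?)$")  # older pseudo-client spelling

def parse_exports(text):
    """Return (path, client, options, flavors) for every client entry."""
    rows = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue  # blank, comment-only, or no client list
        path, rest = parts
        for client, optstr in ENTRY.findall(rest):
            opts = [o for o in optstr.split(",") if o]
            flavors = [f for o in opts if o.startswith("sec=")
                       for f in o[4:].split(":")]
            gss = GSS_CLIENT.match(client)
            if gss:
                flavors = [gss.group(1)]
            elif not flavors:
                flavors = ["sys"]  # exports(5) default when sec= is absent
            rows.append((path, client, opts, flavors))
    return rows

def audit(text):
    """Flag entries a reviewer would question; says nothing about the rw bug."""
    findings = []
    for path, client, opts, flavors in parse_exports(text):
        if client == "*" and "rw" in opts and "sys" in flavors:
            findings.append(f"{path}: rw for any host under AUTH_SYS, "
                            "server trusts client-supplied UIDs")
        if "insecure" in opts:
            findings.append(f"{path}: 'insecure' accepts unprivileged source ports")
    return findings

if __name__ == "__main__":
    for variant, text in EXPORTS.items():
        print(variant, [r[3] for r in parse_exports(text)], *audit(text), sep="\n  ")
```

Variant 2, the only one reported with working writes, is also the only one that grants rw to every host without Kerberos.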