On Thu, 2012-12-20 at 11:06 +0000, Touretsky, Gregory wrote: > Hi, > > We're implementing RPCSEC_GSS with authentication against AD in our NFSv3 > environment. > Our Windows users use Samba to access NFS storage from their laptops. > What would be the best way to configure Samba to "forward" the credentials > from Windows laptop to be able to access NFS on user's behalf? > I saw some notes about Kerberos delegation in Samba 4 - is it ready for > production use? Any experience with this capability in NFS/Kerberos > environment?
It may be possible to extend Samba to support this, but at the moment it is not supported. We do have a much more mature GSSAPI stack in Samba 4.0, across the codebase, and we use that to forward kerberos credentials in the CIFS and DCE/RPC proxy code, but so far we don't use it in the normal file server. You would also need to find a way to initiate the NFS mount from Samba, and pass it the credentials in the form of a krb5 ccache. In short, it would be a development project, but the code in Samba 4.0 would do it much better than the old code. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
