On Thu, 20 Jun 2013, John Hodrien wrote:
> Is it possible that Samba4 includes a large PAC on the kerberos
> credential and you're going over the limit in kernel?
Well, that is a good avenue to explore. The user that I am testing with
(me) is only in five groups, but nevertheless I will take a
Is it possible that Samba4 includes a large PAC on the kerberos credential and
you're going over the limit in kernel? Against AD you have to disable this PAC
inclusion via the userAccountControl attribute to make kerberised NFSv4 work
correctly. You /sometimes/ find that testing with a user wh
On Thu, 20 Jun 2013, steve wrote:
Thanks for your reply! I am really pulling my hair out over this one, and
I don't have that much left :(
> What do you have in /etc/idmapd.conf
The content of this file is correct as far as I understand it, as it works
with NFSv3 and NFSv4 with sec=sys:
[Gene
On Fri, 14 Jun 2013, Steve Thompson wrote:
> I still have an issue with user access to the NFSv4 mount, and a
> workaround for it, but that's for another time.
And now is another time (but I am at the point on giving up on this for
now, as it has become a large consumer of time).
To reiterate,
On Tue, 11 Jun 2013, Steve Thompson wrote:
> * allow_weak_crypto=yes is REQUIRED in krb5.conf for this software version
> combo.
> * a separate user object is REQUIRED with the UPN nfs/fqdn. I add this
> using msktutil on the client when the client is joined to the domain.
> Using "net ads k
5 matches
Mail list logo
