krb5 mount with large group membership

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Richard Smits <R.Smits@tudelft.nl>
To: linux-nfs@vger.kernel.org
Subject: krb5 mount with large group membership
Date: Thu, 14 Jul 2011 11:30:22 +0200	[thread overview]
Message-ID: <4E1EB72E.5080803@tudelft.nl> (raw)

Hello list,

I am running into a problem. Perhaps someone understands what is 
happening here. I will explain.

I have a Redhat 5.4 client that is accessing a nfs export on a NFS 
server. (Redhat 6.1)

Our KDC is a Windows AD.

The client is using samba-winbind. If a user is a member of 23 groups or 
lower, I can access the export. If a user is a member of more groups, 
the mount fails with a "Permission denied"

mount /data
-bash-3.2$ cd /data
-bash: cd: /data: Permission denied

Thew odd thing is if I try a mount to our Netapp filer with also a krb5 
export, there is no problem.

This has to do something with the ticket size in combination with 
memberships to a large number of groups.

So what must i do to get this Redhat server working with this setup ? It 
seems that Netapp did something to get this working ?

Does this sound familiar to anyone, or should i provide more information ?

Versions server side :
nfs-utils-1.2.3-7
krb5-workstation-1.9-9

Greetings ... Richard Smits

next             reply	other threads:[~2011-07-14  9:30 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-07-14  9:30 Richard Smits [this message]
2011-07-14 11:14 ` krb5 mount with large group membership Assarsson, Emil
2011-07-14 13:03   ` Richard Smits
2011-07-14 13:29     ` Assarsson, Emil
2011-07-14 17:25   ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4E1EB72E.5080803@tudelft.nl \
    --to=r.smits@tudelft.nl \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.