From: steve <steve@steve-ss.com>
To: Liam Gretton <liam.gretton@leicester.ac.uk>
Cc: "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: where can I ask user qns about nfs4?
Date: Sun, 05 Feb 2012 10:26:40 +0100 [thread overview]
Message-ID: <4F2E4B50.5040701@steve-ss.com> (raw)
In-Reply-To: <4F2D9A0E.6010503@leicester.ac.uk>
On 04/02/12 21:50, Liam Gretton wrote:
> I have a related question, and like the OP I was reluctant to ask here
> as it's not a dev question, but I can't find any other suitable forum.
>
> Has ANYBODY got kerberised NFS working where the KDC is Active
> Directory on a Windows 2008 R2 system? With 2008 R2, DES encryption
> for Kerberos is no longer enabled.
>
> Our AD admins are understandably not keen to go against the
> recommended behaviour and enable DES just for this service (it needs
> to be enabled globally across the domain).
>
> I can't find any documentation about Kerberised NFS that looks more
> recent than about 2006. That coupled with what I can see in the
> sources suggest that there's little development in this area, so I
> suspect the answer is that nobody has managed what I'm trying to do.
>
Hi Liam
I am the OP. We really do need some down to earth and up to date info on
NFS4. More to the point, it needs to be all in one place, rather than
having snippets all around the Internet. I'm not a tecchie but maybe I
could put together a readable howto if there was enough demand.
We have kerberized nfs4 working against Samba 4. There seem to be
different flavours of des. The Samba 4 Kerberos produced these server
keys for our test domain:
1 nfs/hh3.hh3.site@HH3.SITE (des-cbc-crc)
1 nfs/hh3.hh3.site@HH3.SITE (des-cbc-md5)
1 nfs/hh3.hh3.site@HH3.SITE (arcfour-hmac)
We put together a howto which includes the nfs4 stuff here:
http://linuxcostablanca.blogspot.com/p/samba-4.html
HTH a little
Cheers,
Steve
next prev parent reply other threads:[~2012-02-05 9:27 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-02 6:39 where can I ask user qns about nfs4? steve
2012-02-02 10:58 ` Tigran Mkrtchyan
2012-02-02 11:33 ` nfs4 keytabs [was:Re: where can I ask user qns about nfs4]? steve
2012-02-02 13:05 ` Tigran Mkrtchyan
2012-02-02 13:29 ` steve
2012-02-02 14:56 ` steve
2012-02-02 18:57 ` Tigran Mkrtchyan
2012-02-03 17:22 ` steve
2012-02-06 13:31 ` steve
2012-02-04 20:50 ` where can I ask user qns about nfs4? Liam Gretton
2012-02-05 9:26 ` steve [this message]
2012-02-05 14:16 ` Jim Rees
2012-02-05 16:55 ` Liam Gretton
2012-02-05 17:37 ` Jim Rees
2012-02-06 16:39 ` J. Bruce Fields
2012-02-06 18:54 ` steve
2012-02-09 18:57 ` Don Riden
2012-02-09 19:33 ` steve
2012-02-10 8:19 ` steve
2012-02-10 18:40 ` J. Bruce Fields
2012-02-10 19:13 ` steve
2012-02-10 19:14 ` J. Bruce Fields
2012-02-10 23:20 ` steve
2012-02-10 20:47 ` Liam Gretton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F2E4B50.5040701@steve-ss.com \
--to=steve@steve-ss.com \
--cc=liam.gretton@leicester.ac.uk \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).