File ownership on Samba AD shares

Yeah, we really need it to be shared but it did seem to work when I briefly tried it. I’m cautiously optimistic.

As I said, I won’t be back in the office for a while, but it was something along the lines of:

  • Join the client to the realm with realmd.
  • Allow TCP/UDP 111,2049 on server firewall. Other ports not needed for v4.
  • yum install nfs-utils on both.
  • Add lines below to /etc/exports on server. Can possibly be simplified, needs further investigation.
  • Correctly set domain in /etc/idmapd.conf on both.
  • systemctl start nfs-idmap on both.
  • systemctl start nfs-server on server.
  • net -u administrator ads keytab add nfs on server.
  • systemctl start nfs-utils on client.
  • mount -t nfs4 -o sec=krb5p neth.example.com:/foo /mnt/foo on client.

/etc/exports

/var/lib/nethserver/ibays  *(rw,sec=sys:krb5:krb5i:krb5p,fsid=0)
/var/lib/nethserver/ibays/foo  *(rw,sec=sys:krb5:krb5i:krb5p,fsid=1)

I now wonder whether idmap is actually needed when the client has joined the domain via sssd. A quick search just now reveals there is some crossover here. I’ll look into it.

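An added example, not part of the original post: a small Python check run over the /etc/exports lines quoted above, showing what their sec= list permits. Because sys is listed next to the krb5 flavors, a client can still mount with AUTH_SYS, and the export is offered to any host. The checker handles only plain `path client(options)` lines (no `-` default options or quoted paths); the third sample line, with its path and client name, is constructed for comparison.

```python
import re

KRB = {"krb5", "krb5i", "krb5p"}
SPEC_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")

# First two lines are the exports from the post; the third is a constructed
# tightened entry (hypothetical path and client name) for comparison.
SAMPLE = """\
/var/lib/nethserver/ibays  *(rw,sec=sys:krb5:krb5i:krb5p,fsid=0)
/var/lib/nethserver/ibays/foo  *(rw,sec=sys:krb5:krb5i:krb5p,fsid=1)
/srv/constructed  client.example.com(rw,sec=krb5p)
"""

def flavors_of(opts):
    """Collect the sec= flavors of one option list; exports(5) defaults to sys."""
    found = []
    for opt in opts.split(","):
        if opt.strip().startswith("sec="):
            found += opt.strip()[4:].split(":")
    return found or ["sys"]

def audit_exports(text):
    """Return sorted (path, client, code) findings for exports(5) text."""
    findings = set()
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC_RE.match(spec)
            if not m:
                findings.add((path, spec, "UNPARSED"))
                continue
            client = m.group(1) or "*"   # a bare "(opts)" applies to every host
            flavors = flavors_of(m.group(2) or "")
            if "sys" in flavors:
                # AUTH_SYS trusts the UID/GID the client sends; no Kerberos needed
                code = "SYS_FALLBACK" if KRB & set(flavors) else "SYS_ONLY"
                findings.add((path, client, code))
            if {"krb5", "krb5i"} & set(flavors):
                findings.add((path, client, "NO_ENCRYPTION_ALLOWED"))
            if client == "*":
                findings.add((path, client, "ANY_HOST"))
    return sorted(findings)

if __name__ == "__main__":
    for path, client, code in audit_exports(SAMPLE):
        print(f"{code:22} {path} {client}")
```

Each of the post's two exports yields SYS_FALLBACK, NO_ENCRYPTION_ALLOWED and ANY_HOST; the constructed sec=krb5p entry for a single named client yields none.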