I had a hunch… this is my home router/lab (and a member of the “cutting cheese with a chainsaw” hall of fame). The domain only exists because LDAP is even less familiar to me (and seemed a bit insufficient).
The program I’m running is syncthing, it serves as a combination of local backup, remote backup, and file sync to pretty much everything I’m running.
Previously, syncthing was confined to an Ubuntu VM which had exclusive access to relevant files and the nethserver was more or less unused for personal data. The Ubuntu VM (which is the only member of the domain) was good-enough and able to share a bit over samba.
However, I’m now trying to move the remote backup and most of the synced data from a different computer to this box. At that point, the limits of the VM were too much.
So, I’ll back up a bit.
- My understanding is that systemd will not run a service as a domain user and that a local user cannot be mapped to a domain group. If either of these is possible then please let me know.
- From there I went about setting up k5start etc. to provide a ticket as described above.*
- the reason I had hoped this would work is that local accounts on the Ubuntu VM follow get access to the same files via NFS once they have a ticket.
If no one sees an obvious “this is what fixes it” I’m fine leaving the service as root… I have bigger blocks of cheese to cut, and I’m probably only a few months to a year away from a de-complication of this box.