Read the document carefully and try again :)
IDmapper has a little to do with Kerberos. Care about the *gssd services - they handle
Kerberos.
RH-6.7 works nicely to me.
O.
-----Original Message-----
From: sssd-users-bounces(a)lists.fedorahosted.org
[mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of John Beranek
Sent: 20 October 2015 14:23
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: Re: [SSSD-users] SSSD & AD & Kerberized nfs
On 20 October 2015 at 12:33, Ondrej Valousek <Ondrej.Valousek(a)s3group.com> wrote:
Hi all,
Just put together few findings about kerberized NFS & AD. See here:
https://ovalousek.wordpress.com/2015/10/15/enable-kerberized-nfs-with-
sssd-and-active-directory/
Thanks for this, I've had another attempt to get an AD-sssd Linux client (CentOS 6.7)
to connect to our Isilon cluster kerberized, but am not having much luck. When I try the
mount I get:
mount.nfs: access denied by server while mounting .....
Upping idmapd verbosity to 9, I get the following: (here
EXAMPLE.COM is our long domain
name, where a user would be joebloggs(a)EXAMPLE.COM and
AD.INT is the short domain name):
https://gist.github.com/jberanek/3c8a1a10704b6200dc1d
The only thing that doesn't quite fit from your guidance is that the FQDN used to
access the Isilon is actually a load-balanced A record, where every time you lookup the
name you get a different IP, with the different reverse lookup...
e.g..
nfs.siteb.isilon.example.com -> 10.20.30.34 ->
pool-00-04.siteb.example.com
Any ideas?
Cheers,
John
--
John Beranek To generalise is to be an idiot.
http://redux.org.uk/ -- William Blake
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.