On Sun, 2017-01-01 at 20:37 +0100, Rob Verduijn wrote:
2016-12-30 21:26 GMT+01:00 Lukas Slebodnik <lslebodn(a)redhat.com>:
> On (30/12/16 18:25), Rob Verduijn wrote:
> >Hello,
> >
> >I've been struggling for some days on fedora25 to get gssproxy to work.
> >
> >After a long time I decided to try this on centos73 to see if I was doing
> >it wrong.
> >
> >After a minimal install and joining it to the ipa domain the gssproxy was
> >working flawlessly.
> >
> >After checking for the umpteenth time for typos and possible kvno errors in
> >the keytabs I can say that the configuration that works flawlessly on
> >centos73 does not work on fedora25.
> >
> >I first wondered if autofs and gssproxy wouldn't play nice together, but it
> >seems
> >I have been fighting this bug on centos73 and fedora24/25:
> >https://fedorahosted.org/sssd/ticket/3080
> >Any idea when the fix will be released ?
> >
> The patch has not been pushed to upstream yet.
>
> But the workaround should be very simple.
> sh# systemctl restart autofs.service
>
> I'll leave the rest for others to answer.
>
> LS
Hi,

gssproxy also does not work on fedora24.
Is there a new way of configuring gssproxy?
I used the example for apache from this page:
https://fedorahosted.org/gss-proxy/wiki/Apache

On centos73 I did:

    ipa service-add HTTP/server-name@LOCAL.DOMAIN

installed the keytab in /etc/gssproxy/http.keytab
and edited the file /etc/gssproxy/gssproxy.conf

    [gssproxy]

    [service/HTTP]
    mechs = krb5
    cred_store = keytab:/etc/gssproxy/http.keytab
    cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
    euid = 48

rebooted and mounted the kerberized nfs4 share,
did a

    su - apache -s /bin/bash

and the apache user could read the kerberized nfs4 share.

I tried exactly the same on fedora 24 and 25, and on both it failed.

Does it work for you if you add
cred_store = client_keytab:/etc/gssproxy/http.keytab
?
--
Simo Sorce * Red Hat, Inc * New York