2016-12-30 21:26 GMT+01:00 Lukas Slebodnik <lslebodn(a)redhat.com>:
On (30/12/16 18:25), Rob Verduijn wrote:
>Hello,
>
>I've been struggling for some days on fedora25 to get gssproxy to work.
>
>After a long time I decided to try this on centos73 to see if I was doing
>it wrong.
>
>After a minimal install and joining it to the ipa domain the gssproxy was
>working flawless.
>
>After checking for the oompthied time for typos and possible kvno errors
in
>the keytabs I can say that the configuration that works flawlessly on
>centos73 does not work on fedora25.
>
>I first wondered if autofs and gssproxy wouldn't play nice together, but
it
>seems
>I have been fighting this bug on centos73 and fedora24/25:
>https://fedorahosted.org/sssd/ticket/3080
>Any idea when the fix will be released ?
>
The patch has not beed pushed to upstream yet.
But the workaround should be very simple.
sh# systemctl restart autofs.service
I let answer rest for others.
LS
_______________________________________________
gss-proxy mailing list -- gss-proxy(a)lists.fedorahosted.org
To unsubscribe send an email to gss-proxy-leave(a)lists.fedorahosted.org
Hi,
gssproxy also does not work on fedora24.
Is there a new way of configuring gssproxy ?
I used the example for apache from this page :
https://fedorahosted.org/gss-proxy/wiki/Apache
On centos73 I did:
ipa service-add HTTP/server-name(a)LOCAL.DOMAIN
installed the keytab in /etc/gssproxy/http.keytab
and edited the file /etc/gssproxy/gssproxy.conf
[gssproxy]
[service/HTTP]
mechs = krb5
cred_store = keytab:/etc/gssproxy/http.keytab
cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
euid = 48
reboot and mounted the kerberized nfs4 share
did a su - apache -s /bin/bash
and the apache user could read the kerberized nfs4 share
I tried exactly the same on fedora 24 and 25, and on both it failed.
Rob Verduijn