Ok, thanks - page updated.
AFAIK, this is NFS server problem - fortunately, we are using Netapp, so I do not worry
Sorry SSSD team for abusing this list...
[mailto:firstname.lastname@example.org] On Behalf Of John Hodrien
Sent: 20 October 2015 15:29
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] SSSD & AD & Kerberized nfs
On Tue, 20 Oct 2015, Ondrej Valousek wrote:
Will add this to my document, thanks.
I have heard about this issue - but how many is "many groups"?
I have user here with 32 groups - I do not experience any problems.
I'm not sure. 150 is definitely too many groups. Yes, it's definitely too many
groups even without NFS. It's related to whether the PAC fits in a page AFAIK.
The other part of the fix with AD, one you have these two computer objects:
ktpass -princ nfs/myhost.domain@REALM -mapuser myhost-nfs$ +rndPass -out temp.keytab
That then gives you a keytab to merge into the first, so on the client it looks like a
perfectly normal setup.
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.