On 20 October 2015 at 12:33, Ondrej Valousek
Just put together few findings about kerberized NFS & AD. See here:
Thanks for this, I've had another attempt to get an AD-sssd Linux
client (CentOS 6.7) to connect to our Isilon cluster kerberized, but
am not having much luck. When I try the mount I get:
mount.nfs: access denied by server while mounting .....
Upping idmapd verbosity to 9, I get the following: (here EXAMPLE.COM
is our long domain name, where a user would be joebloggs(a)EXAMPLE.COM
is the short domain name):
The only thing that doesn't quite fit from your guidance is that the
FQDN used to access the Isilon is actually a load-balanced A record,
where every time you lookup the name you get a different IP, with the
different reverse lookup...
-> 10.20.30.34 -> pool-00-04.siteb.example.com
John Beranek To generalise is to be an idiot.
-- William Blake