On 20 October 2015 at 12:33, Ondrej Valousek
<Ondrej.Valousek(a)s3group.com> wrote:
> Hi all,
> Just put together a few findings about kerberized NFS & AD. See here:
> https://ovalousek.wordpress.com/2015/10/15/enable-kerberized-nfs-with-sss...

Thanks for this, I've had another attempt to get an AD-sssd Linux
client (CentOS 6.7) to connect to our Isilon cluster kerberized, but
am not having much luck. When I try the mount I get:
mount.nfs: access denied by server while mounting .....
Upping idmapd verbosity to 9, I get the following: (here EXAMPLE.COM
is our long domain name, where a user would be
joebloggs(a)EXAMPLE.COM and AD.INT is the short domain name):
https://gist.github.com/jberanek/3c8a1a10704b6200dc1d
The only thing that doesn't quite fit from your guidance is that the
FQDN used to access the Isilon is actually a load-balanced A record,
where every time you look up the name you get a different IP, with a
different reverse lookup...
e.g.
nfs.siteb.isilon.example.com -> 10.20.30.34 -> pool-00-04.siteb.example.com
Any ideas?
Cheers,
John
--
John Beranek To generalise is to be an idiot.
http://redux.org.uk/ -- William Blake