Read the document carefully and try again :)
IDmapper has a little to do with Kerberos. Care about the *gssd services - they handle
RH-6.7 works nicely to me.
[mailto:email@example.com] On Behalf Of John Beranek
Sent: 20 October 2015 14:23
To: End-user discussions about the System Security Services Daemon
Subject: Re: [SSSD-users] SSSD & AD & Kerberized nfs
On 20 October 2015 at 12:33, Ondrej Valousek <Ondrej.Valousek(a)s3group.com> wrote:
Just put together few findings about kerberized NFS & AD. See here:
Thanks for this, I've had another attempt to get an AD-sssd Linux client (CentOS 6.7)
to connect to our Isilon cluster kerberized, but am not having much luck. When I try the
mount I get:
mount.nfs: access denied by server while mounting .....
Upping idmapd verbosity to 9, I get the following: (here EXAMPLE.COM
is our long domain
name, where a user would be joebloggs(a)EXAMPLE.COM and AD.INT
is the short domain name):
The only thing that doesn't quite fit from your guidance is that the FQDN used to
access the Isilon is actually a load-balanced A record, where every time you lookup the
name you get a different IP, with the different reverse lookup...
-> 10.20.30.34 -> pool-00-04.siteb.example.com
John Beranek To generalise is to be an idiot.
-- William Blake
sssd-users mailing list
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.