[OpenIndiana-discuss] ZFS/CIFS shares in cross domains

Patrick O'Sullivan irish at insaneirish.com
Wed Dec 14 00:18:47 UTC 2011


Question for the group at large:

Was true Kerberos support for CIFS ever added? It's tough to tell because the old OpenSolaris documentation/bug tracking has been largely taken down.

Here's one of the old references I can find: http://arc.opensolaris.org/caselog/PSARC/2009/673/20091209_natalie.li

Alexei,

If you read that, you'll see that as of when it was written, the CIFS service could do pass through auth but not true Kerberos auth. Maybe pass through is working for members of ADS.DOMAIN.EDU but not for KRB.REALM.EDU as those users are not part of ADS.DOMAIN.EDU. Maybe some packet captures would help see what the flow actually looks like?

On Dec 12, 2011, at 10:08 PM, alexei at soemail.rutgers.edu wrote:

> Greetings,
> 
> I'm trying to set OpenIndiana 151a as a storage server, ZFS/CIFS, in a
> cross Realm/Domain trust infrastructure. Namely, I have an MIT Kerbreros 5
> server, providing realm KRB.REALM.EDU, and an Active Directory Windows
> 2003 server, providing domain ADS.DOMAIN.EDU, set with cross DOMAIN/REALM
> two-way trust.
> 
> The OpenIndiana ZFS/CIFS server is added to the domain, ADS.DOMAIN.EDU, and
> allows mapping shares onto Windows 7 desktops in the domain for the domain
> users, for example alex at ADS.DOMAIN.EDU.
> However, the user who logins to the same desktop as the realm user, such
> as alex at KRB.REALM.EDU, appears to  ZFS/CIFS server as Guest and can not
> map the shares unlike the domain users.
> 
> However, my NetApp filer, which also operates in ADS.DOMAIN.EDU, has no
> problem mapping the shares for both the domain and the realm accounts.
> 
> Is there any limitation in ZFS/CIFS on OpenIndiana 151a that disallows
> access to the shares in the cross Domain/Realm two-way trust case?
> 
> Any of your recommendations and advices would be appreciated.
> Thanks,
> Alexei
> 
> 
> 
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss




More information about the OpenIndiana-discuss mailing list