[OpenIndiana-discuss] ZFS/CIFS shares in cross domains
alexei at soemail.rutgers.edu
alexei at soemail.rutgers.edu
Wed Dec 14 05:57:42 UTC 2011
On OI 151a, the canonical name works fine for mapping the shares, but FQDN
does not. Perhaps, the bug was not fixed in OI, unlike in Nextena, as you
suggested.
> On Wednesday, December 14, 2011 09:17 AM, Patrick O'Sullivan wrote:
>> I found that issue: https://www.illumos.org/issues/1087
>>
>> However, that issue itself is that certain modes of access try to force
>> Kerberos auth, not that Kerberos auth itself is broken.
>>
>> Do you know if the Kerberos auth issue was fixed or if they made
>> accessing \\servername.fqdn work like \\servername (i.e. using pass
>> through auth)?
>>
>
> No idea as I am not a Nexenta customer. The details appear to be on the
> Nexenta bug tracking system.
>
> My problem is that accessing \\servername does not work but \\serverip
> does...
>
>
>> Googling for the Nexenta support number doesn't turn anything up.
>>
>> On Dec 13, 2011, at 7:44 PM, Christopher
>> Chan<christopher.chan at bradbury.edu.hk> wrote:
>>
>>
>>> There is an illumos issue on this I think: #1087. A fix is available
>>> but I don't know if it has been applied to the illumos 151 tree and
>>> whether OI has packaged that.
>>>
>>>
>>>
>>> On Wednesday, December 14, 2011 08:18 AM, Patrick O'Sullivan wrote:
>>>
>>>> Question for the group at large:
>>>>
>>>> Was true Kerberos support for CIFS ever added? It's tough to tell
>>>> because the old OpenSolaris documentation/bug tracking has been
>>>> largely taken down.
>>>>
>>>> Here's one of the old references I can find:
>>>> http://arc.opensolaris.org/caselog/PSARC/2009/673/20091209_natalie.li
>>>>
>>>> Alexei,
>>>>
>>>> If you read that, you'll see that as of when it was written, the CIFS
>>>> service could do pass through auth but not true Kerberos auth. Maybe
>>>> pass through is working for members of ADS.DOMAIN.EDU but not for
>>>> KRB.REALM.EDU as those users are not part of ADS.DOMAIN.EDU. Maybe
>>>> some packet captures would help see what the flow actually looks like?
>>>>
>>>> On Dec 12, 2011, at 10:08 PM, alexei at soemail.rutgers.edu wrote:
>>>>
>>>>
>>>>
>>>>> Greetings,
>>>>>
>>>>> I'm trying to set OpenIndiana 151a as a storage server, ZFS/CIFS, in
>>>>> a
>>>>> cross Realm/Domain trust infrastructure. Namely, I have an MIT
>>>>> Kerbreros 5
>>>>> server, providing realm KRB.REALM.EDU, and an Active Directory
>>>>> Windows
>>>>> 2003 server, providing domain ADS.DOMAIN.EDU, set with cross
>>>>> DOMAIN/REALM
>>>>> two-way trust.
>>>>>
>>>>> The OpenIndiana ZFS/CIFS server is added to the domain,
>>>>> ADS.DOMAIN.EDU, and
>>>>> allows mapping shares onto Windows 7 desktops in the domain for the
>>>>> domain
>>>>> users, for example alex at ADS.DOMAIN.EDU.
>>>>> However, the user who logins to the same desktop as the realm user,
>>>>> such
>>>>> as alex at KRB.REALM.EDU, appears to ZFS/CIFS server as Guest and can
>>>>> not
>>>>> map the shares unlike the domain users.
>>>>>
>>>>> However, my NetApp filer, which also operates in ADS.DOMAIN.EDU, has
>>>>> no
>>>>> problem mapping the shares for both the domain and the realm
>>>>> accounts.
>>>>>
>>>>> Is there any limitation in ZFS/CIFS on OpenIndiana 151a that
>>>>> disallows
>>>>> access to the shares in the cross Domain/Realm two-way trust case?
>>>>>
>>>>> Any of your recommendations and advices would be appreciated.
>>>>> Thanks,
>>>>> Alexei
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenIndiana-discuss mailing list
>>>>> OpenIndiana-discuss at openindiana.org
>>>>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>>>>
>>>>>
>>>> _______________________________________________
>>>> OpenIndiana-discuss mailing list
>>>> OpenIndiana-discuss at openindiana.org
>>>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OpenIndiana-discuss mailing list
>>> OpenIndiana-discuss at openindiana.org
>>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>>
>> _______________________________________________
>> OpenIndiana-discuss mailing list
>> OpenIndiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
>>
>
>
> _______________________________________________
> OpenIndiana-discuss mailing list
> OpenIndiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
>
More information about the OpenIndiana-discuss
mailing list