[OpenIndiana-discuss] cifs/server Kerberos support
Lionel Cons
lionelcons1972 at gmail.com
Thu Apr 28 21:43:48 UTC 2016
On 28 April 2016 at 23:24, Ray Van Dolson <rvandolson at esri.com> wrote:
> Hi, everyone -- this is OT as it's Nexenta related, but figured you
> folks here would know the answer. Also have a question out to Nexenta
> support as well.
>
> We're trying to get MSA's (Managed Service Accounts) to talk to a CIFS
> share on a Nexenta 3.1.6 system. I *believe* MSA's require Kerberos,
> and it doesn't appear the cifs/smb service on our 3.1.6 box supports
> Kerberos authentication, though it is AD joined.
>
> Can anyone confirm?
What will not work because Illumos krb5 is outdated. For AD
interoperability you need at least to update Illumos krb5 to MIT krb5
1.12 or better, or you have sporadic outages.
Given that Illumos krb5 is heavily modified and has kernel-based add
ons its nearly impossible to do except for one of the original SUN
engineers who have intimate knowledge of the krb5 update process.
Lionel
More information about the openindiana-discuss
mailing list