On 2025-03-30 10:25, Alexander Bokovoy wrote:
The access should work, yes, as long as AD DCs are able to resolve those
SIDs. I have not seen whether it is possible to make third-party NFS
storages (NetApp, Isilon, etc) to work in such configuration, but this
is more to those companies, not Microsoft.
Final comment on file-shares, I have not been able to make Kerberized
NFSv4.1 work, on the Windows-server. I assume that it is possible, and
made quick and dirty half-hearted attempt, without succes. There are
some guides:
https://techcommunity.microsoft.com/blog/filecab/how-to-nfs-kerberos-configuration-with-linux-client/424552
https://tbellembois.github.io/kerberos.html
It could be related to both trust, and idmapping. It works on all our
linux-file servers - but I have not tried Kerberized NFS-shares via a
trust relationship in bare bone kerberos setting either, so spending to
much time in this frankenstein lab-configuration, is not worth it,
especially since smb/cifs-shares on the servers works beautiful already.
It is probably better just to start from a pure AD-setup, with one
adjoined-linux-client, and experiment from there. And then test with
another client through the trust-relationship. If anyone have any good
information regarding nfs-kerberos, trust, or kerberized nfs from
windows, I would be happy to chek it out.
--
Vennlig Hilsen
Jostein Fossheim
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
