[OpenAFS] Samba & aklog
Craig Huckabee
huck@spawar.navy.mil
Wed, 06 Aug 2014 11:45:30 -0400
This is a cryptographically signed message in MIME format.
--------------ms090200080708050205040505
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable
I had a request from a small group locally that needs to access their =
AFS space(s) via a Windows file share - installing the AFS client on=20
these systems is not an option.
So I started looking into doing this via Samba, using a dedicated=20
server (RHEL6). I've got normal shares working, using Kerberos=20
authentication to connect (works from OSX, Windows, etc).
A little research turned up a suggestion of doing something like this =
in the smb.conf for AFS shares:
=2E..
root preexec =3D /usr/bin/aklog -setpag -cell mycell.mil -keytab=20
/usr/afs/etc/rxkad.keytab -principal %u
=2E..
This almost works but I think I'm running into either PAG issues or=20
some other weirdness. Testing the connection it appears that sometimes=20
I get tokens, sometimes I don't. Not sure if I need to force the smbd=20
into a new PAG on startup.
Anyone else try this before ?
--Craig
--------------ms090200080708050205040505
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIPCTCC
BLAwggOYoAMCAQICAxN/ODANBgkqhkiG9w0BAQUFADBdMQswCQYDVQQGEwJVUzEYMBYGA1UE
ChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEYMBYGA1UE
AxMPRE9EIEVNQUlMIENBLTMwMB4XDTEyMDYyODAwMDAwMFoXDTE1MDYyNzIzNTk1OVowdzEL
MAkGA1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQww
CgYDVQQLEwNQS0kxDDAKBgNVBAsTA1VTTjEkMCIGA1UEAxMbSFVDS0FCRUUuREFSWUwuQy4x
MjQ5MzUzNTYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMBlTX4je8F0SPjS
cXaCV0GZK2MGtJWIrWXHSdntCBbZ8DjF4UHeyj5pIYFkSp4TY0S8Q1MvqZQwH75R/fjcQqNJ
1ZEl+BrLP9E3wxArOD99B6SsNyTP+jIZt99oWcq/6fqykUOzq3UhYCdF8EI+nzvQk7StK20r
j9vEDCL6gdx6PKBrszzPIjptDUfY/XB9BIzi9tT0y3aa/KjG9LTpNr6nxysTRynni2Xjvj+f
0WM0kFkJXij/gWGb3+wkYOFl0/tTDD+rXlnXrpuQv43EH2lCa1E55AZ+QGwXEynxrG5EdYwO
Os+Oc+RS6ZWrQrmn67iel/xpEpErKV8uI8JnzQIDAQABo4IBXTCCAVkwHwYDVR0jBBgwFoAU
NWFmKAm8ViVbi8y/gV5hLDA50yEwOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybC5kaXNh
Lm1pbC9jcmwvRE9ERU1BSUxDQV8zMC5jcmwwDgYDVR0PAQH/BAQDAgUgMCMGA1UdIAQcMBow
CwYJYIZIAWUCAQsJMAsGCWCGSAFlAgELEzAdBgNVHQ4EFgQULo9sHY06jhnYYvam795IsFjz
e1UwaAYIKwYBBQUHAQEEXDBaMDYGCCsGAQUFBzAChipodHRwOi8vY3JsLmRpc2EubWlsL3Np
Z24vRE9ERU1BSUxDQV8zMC5jZXIwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLmRpc2EubWls
MB8GA1UdEQQYMBaBFGh1Y2tAc3Bhd2FyLm5hdnkubWlsMBsGA1UdCQQUMBIwEAYIKwYBBQUH
CQQxBBMCVVMwDQYJKoZIhvcNAQEFBQADggEBAJi10dFdqcbcRITCQ3+cnrjfXbJ/N9KVuF8d
ijwBxC8Jlw+UeKQP3UABtfw0/aWCnwqbSCOF+ZPifv2NMIt/bPAKlw1ODkzZgdpU118YaAPC
q389MxnJFqm8kFSfGuf9ORYJSeNQ3fOqfG1l58Tat3CgkqJkPvGKG+Ivn968jbyu3QmnZ9XE
EU0xKcJoZH61bTdvk86ZFkGowOkp+bnIb65YUUYLLjGSWS+x7F80VZarnBTNXUc9qTWEwDeq
wTlGUQE+fzbXbHagH1XWgEQL5HplCCGlc2joaMjCKnbDSq4UJ4MVu88SttvP2bjvkjSXjNd/
/SD4Y60ls3phYWwT5Q8wggT7MIID46ADAgECAgMTfzIwDQYJKoZIhvcNAQEFBQAwXTELMAkG
A1UEBhMCVVMxGDAWBgNVBAoTD1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYD
VQQLEwNQS0kxGDAWBgNVBAMTD0RPRCBFTUFJTCBDQS0zMDAeFw0xMjA2MjgwMDAwMDBaFw0x
NTA2MjcyMzU5NTlaMHcxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQx
DDAKBgNVBAsTA0RvRDEMMAoGA1UECxMDUEtJMQwwCgYDVQQLEwNVU04xJDAiBgNVBAMTG0hV
Q0tBQkVFLkRBUllMLkMuMTI0OTM1MzU2MjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSAZfToxDcbhUaBGBpMyM9C+uFbnGB+ejSexd5TMJ0kRPryWv1gE5q8LBLKm1GbBrU8
QaEH1eyb8kxGWpdXrn6NI62vede9Vf0dQamlPZK5zm0QbrGD3whH8G3qS+0jCjm5oUZS5cqf
X86ZZUGK8vbiBNmXLXPsF+j+4LkN4fAlVrDHbyJWmwstYbqI0nwlszx0X1tnp/90UzdPWZa5
FbZOv2/6fVT22Of0egDWmah2K1VJLeihSkbFcaU3lOz4ehWgykd97x2xBVQoUeLtomq+FGLx
1Gm5TXcei7+Jlrx/4RxkhIUGXuyK3YM+RHAx1D0lmzu8YxnsbQhdeNUTUxECAwEAAaOCAagw
ggGkMB8GA1UdIwQYMBaAFDVhZigJvFYlW4vMv4FeYSwwOdMhMDoGA1UdHwQzMDEwL6AtoCuG
KWh0dHA6Ly9jcmwuZGlzYS5taWwvY3JsL0RPREVNQUlMQ0FfMzAuY3JsMA4GA1UdDwEB/wQE
AwIGwDAjBgNVHSAEHDAaMAsGCWCGSAFlAgELCTALBglghkgBZQIBCxMwHQYDVR0OBBYEFIbE
X4jUFrshho5F7bJp7Ev6h4dQMGgGCCsGAQUFBwEBBFwwWjA2BggrBgEFBQcwAoYqaHR0cDov
L2NybC5kaXNhLm1pbC9zaWduL0RPREVNQUlMQ0FfMzAuY2VyMCAGCCsGAQUFBzABhhRodHRw
Oi8vb2NzcC5kaXNhLm1pbDA/BgNVHREEODA2gRRodWNrQHNwYXdhci5uYXZ5Lm1pbKAeBgor
BgEEAYI3FAIDoBAMDjEyNDkzNTM1NjJAbWlsMBsGA1UdCQQUMBIwEAYIKwYBBQUHCQQxBBMC
VVMwKQYDVR0lBCIwIAYKKwYBBAGCNxQCAgYIKwYBBQUHAwIGCCsGAQUFBwMEMA0GCSqGSIb3
DQEBBQUAA4IBAQCQTIQvLS9kuMGwXxQdjZ+Rickf6R+Gu4IBswSiRZVXYR64JqoDaEWfUXW+
osh0AnKgR84iUAbQ30cd9ffbKq/Xp3PlJzKp0UKXAqKJ5C0zccQc3bLjXH/RvZOqlgjYNwXt
8DaeJnzdAFc/P1eTFuZM8x7uCuKSj+o2d5StLUI7hzcvXr7DEEEzsEzZu6HZC5ziHqys45Pi
OEGoDKBB3LlVtw2CC/Z5OQJ5FdeBtTFnruALLohiqLXaUJamFKNQWH6myNnFgTCRUvxNZHPu
J0neQnZOZ+zrS2nV/UR3LljQTe/UYNvX1/XhXb9vKJqhK1px4iRzi4jru9TQB+7LiEZsMIIF
UjCCBDqgAwIBAgICAbkwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCVVMxGDAWBgNVBAoT
D1UuUy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxFjAUBgNVBAMT
DURvRCBSb290IENBIDIwHhcNMTEwOTA4MTYwMzA4WhcNMTcwOTA4MTYwMzA4WjBdMQswCQYD
VQQGEwJVUzEYMBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNV
BAsTA1BLSTEYMBYGA1UEAxMPRE9EIEVNQUlMIENBLTMwMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA5iki1BQm0ZgaUl7FhINzfsFgs7PQlL79HJRVv/aELJvJwHRz78zCmfKZ
yW3KFNN0/74Q8vctv8u7BqPumFBBZQHhVyy2y+TKHKx+UjQOsY4HJj4yNa+jYQrF5Qi2EnmM
VMF66fFQH12DOmcwsynbHTpMOSFQ2BgsjQZ17mNyeGitYpx1pJQG0zJrEq8GBym+E6DAp/Al
T7f+H7dX4BgSjSFqFblaVPt3ZdhMP/W6PMA34QZ+wr6eI4wo0ZrXxmc413PJvQcdhW/VlQqa
3No6TijwpesJ3+XbC81Hr4rNu2+UQONZnFCfyQ6pcQK53OlpgDqJO0UFIhgFhLUS8DzAgQID
AQABo4ICHDCCAhgwDgYDVR0PAQH/BAQDAgGGMB8GA1UdIwQYMBaAFEl0uwxeunr+AlTve6DG
lcYJgHCWMB0GA1UdDgQWBBQ1YWYoCbxWJVuLzL+BXmEsMDnTITASBgNVHRMBAf8ECDAGAQH/
AgEAMAwGA1UdJAQFMAOAAQAwZgYDVR0gBF8wXTALBglghkgBZQIBCwUwCwYJYIZIAWUCAQsJ
MAsGCWCGSAFlAgELETALBglghkgBZQIBCxIwCwYJYIZIAWUCAQsTMAwGCmCGSAFlAwIBAxow
DAYKYIZIAWUDAgEDGzA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLmRpc2EubWlsL2Ny
bC9ET0RST09UQ0EyLmNybDCCAQEGCCsGAQUFBwEBBIH0MIHxMDoGCCsGAQUFBzAChi5odHRw
Oi8vY3JsLmRpc2EubWlsL2lzc3VlZHRvL0RPRFJPT1RDQTJfSVQucDdjMCAGCCsGAQUFBzAB
hhRodHRwOi8vb2NzcC5kaXNhLm1pbDCBkAYIKwYBBQUHMAKGgYNsZGFwOi8vY3JsLmdkcy5k
aXNhLm1pbC9jbiUzZERvRCUyMFJvb3QlMjBDQSUyMDIlMmNvdSUzZFBLSSUyY291JTNkRG9E
JTJjbyUzZFUuUy4lMjBHb3Zlcm5tZW50JTJjYyUzZFVTP2Nyb3NzQ2VydGlmaWNhdGVQYWly
O2JpbmFyeTANBgkqhkiG9w0BAQUFAAOCAQEACohWHKVXJlpiy3XQ3YbFUuIv87wRZD+MLz4R
/JhgQPKADSiCmmj+4EhLJ9M6CnuV9gMMgRSRQjpgbOIrUy3s3xGu9VQX8AH5lwenm6sL26yX
iQnG7/kHNBYAqH4RU558L6E4opl5OTRBbn24WDBWiJ7kqmRF2aBEYjq35THTkYDxGxCyZ3DV
W6tZtFpIFkLEAkzabGjKUB0xvjeZx89TzEIpVsOdF8oD5xBa8Tk8HMz7G5cKJvMx3+CrXCSd
nt44fQJRZ0b5k3CF7QpVwvTBaFqfCMkde5t23FTvOYwY5QxE7vcGsh/1y+YOvdSh/9T5kQci
Unm3wP3ssviF9ET7XDGCA0YwggNCAgEBMGQwXTELMAkGA1UEBhMCVVMxGDAWBgNVBAoTD1Uu
Uy4gR292ZXJubWVudDEMMAoGA1UECxMDRG9EMQwwCgYDVQQLEwNQS0kxGDAWBgNVBAMTD0RP
RCBFTUFJTCBDQS0zMAIDE38yMAkGBSsOAwIaBQCgggG3MBgGCSqGSIb3DQEJAzELBgkqhkiG
9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE0MDgwNjE1NDUzMFowIwYJKoZIhvcNAQkEMRYEFBR1
JzvcWdsiFkS5/u9FGQTQlvnZMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEqMAsGCWCG
SAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwICAUAwBwYF
Kw4DAgcwDQYIKoZIhvcNAwICASgwcwYJKwYBBAGCNxAEMWYwZDBdMQswCQYDVQQGEwJVUzEY
MBYGA1UEChMPVS5TLiBHb3Zlcm5tZW50MQwwCgYDVQQLEwNEb0QxDDAKBgNVBAsTA1BLSTEY
MBYGA1UEAxMPRE9EIEVNQUlMIENBLTMwAgMTfzgwdQYLKoZIhvcNAQkQAgsxZqBkMF0xCzAJ
BgNVBAYTAlVTMRgwFgYDVQQKEw9VLlMuIEdvdmVybm1lbnQxDDAKBgNVBAsTA0RvRDEMMAoG
A1UECxMDUEtJMRgwFgYDVQQDEw9ET0QgRU1BSUwgQ0EtMzACAxN/ODANBgkqhkiG9w0BAQEF
AASCAQCvZbQqFqgWJxfUS8b/cDfRUFrDN/z+T9l2/ztRtGKfHWJm/rHQ5vnkBPIliPG12ugW
gi0VkHq4GgrNZCO8+8i4n+PzEwl7kpWMYajq89G85Uf+k9m0aAVtMBuX3M5UmKFAw0XA6rij
x35JfIDBGr2K+3Of2occcBjr7HYekEOkoq8Z4ZfuO/RlS4g5J7LxBmUjFoRQ5PobO9hn4rnI
6knGouyFg7vEKVTt7OdcWoPSYBe/AKiVgVRx40VfVw2Fcl5Whts6zpst0YQl07+fJP0Ee0A7
TMUzQxjpgepX2xddXzEApDovZmKzinxyIZM/MMT3GfVtlgXBT7l+OTWszx4GAAAAAAAA
--------------ms090200080708050205040505--