[OpenAFS] Samba & aklog
Fri, 08 Aug 2014 11:32:16 +0200
Craig Huckabee skrev 2014-08-06 17:45:
> I had a request from a small group locally that needs to access
> their AFS space(s) via a Windows file share - installing the AFS
> client on these systems is not an option.
> So I started looking into doing this via Samba, using a dedicated
> server (RHEL6). I've got normal shares working, using Kerberos
> authentication to connect (works from OSX, Windows, etc).
> A little research turned up a suggestion of doing something like
> this in the smb.conf for AFS shares:
> root preexec = /usr/bin/aklog -setpag -cell mycell.mil -keytab
> /usr/afs/etc/rxkad.keytab -principal %u
> This almost works but I think I'm running into either PAG issues or
> some other weirdness. Testing the connection it appears that
> sometimes I get tokens, sometimes I don't. Not sure if I need to
> force the smbd into a new PAG on startup.
I did setup a quite well functioning samba gateway for AFS some years
ago. If memory serves correct it worked like this:
- Kerberos auth to smbd (no NTLM auth at all).
- Did not use PAGs on the file server.
- root preexec and kimpersonate was used to get AFS tokens.
I also run into problems with setting the PAG, but since it do not
matter to have it on the file server it could as well be skipped.