* Excessive group membership causes permission denied
@ 2013-03-18 18:46 Norman Elton
From: Norman Elton @ 2013-03-18 18:46 UTC
  To: linux-nfs

There is a fairly well documented bug that we've run against. When
using Active Directory as a KDC, users with a large number of group
memberships can overrun a UDP packet, causing Kerberos to fall back to
TCP. When a user logs into the system, they have a Kerberos ticket,
but get a "permission denied" when accessing the NFS share. We've
reproduced this by taking a functioning user, adding tons of group
membership. The error message pops right up.

The traditional fix is to set NO_AUTH_DATA_REQUIRED on the NFS
server's machine account, as explained here:
http://theether.net/kb/100205.

While this seems to work, it's a bit of a dirty hack. Any thoughts on
a root cause? We're happy to serve as a guinea pig if anyone can point
us in the right direction.

Thanks,

Norman
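
The NO_AUTH_DATA_REQUIRED setting mentioned in the message is a bit (0x2000000) in an account's Active Directory userAccountControl attribute. The following is an added example, not part of the original message, that scans LDIF text (such as ldapsearch output) for accounts with that bit set so the workaround can be tracked; the account names and LDIF sample are constructed.

```python
import base64

NO_AUTH_DATA_REQUIRED = 0x2000000      # userAccountControl bit for the setting above
WORKSTATION_TRUST_ACCOUNT = 0x1000     # userAccountControl bit marking a machine account

# Constructed sample shaped like LDIF output; all names are hypothetical.
SAMPLE_LDIF = """\
dn: CN=NFS01,OU=Servers,DC=example,DC=test
sAMAccountName: NFS01$
userAccountControl: 33558528

dn: CN=WEB01,OU=Servers,DC=example,DC=test
sAMAccountName: WEB01$
userAccountControl: 4096

dn: CN=svc-legacy,OU=Service,DC=example,DC=test
sAMAccountName: svc-legacy
userAccountControl: 33554944
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry (attribute names lower-cased, last value wins)."""
    # LDIF folds long lines: a continuation line starts with a single space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry[name.lower()] = value.strip()
        if entry:
            yield entry

def flagged_accounts(text):
    """Return [(account, is_machine_account)] for entries with the bit set."""
    hits = []
    for entry in parse_ldif(text):
        try:
            uac = int(entry.get("useraccountcontrol", ""))
        except ValueError:
            continue  # entry carries no usable userAccountControl value
        if uac & NO_AUTH_DATA_REQUIRED:
            name = entry.get("samaccountname") or entry.get("dn", "?")
            hits.append((name, bool(uac & WORKSTATION_TRUST_ACCOUNT)))
    return hits

if __name__ == "__main__":
    for name, machine in flagged_accounts(SAMPLE_LDIF):
        print(f"{name}: NO_AUTH_DATA_REQUIRED set (machine account: {machine})")
```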
