Hi,
I was very excited to see the new Kerberos announcements for 9.3, as I have an existing LDAP/Kerberos infrastructure. My infrastructure uses LDAP to store the Kerberos DB, and I have disabled simple binds against the LDAP server, instead using GSSAPI to authenticate against the stored Kerberos information.
In trying to get FreeNAS 9.3 connected to the LDAP server, I noticed that only simple binds are attempted (method=128) instead of GSSAPI/SASL binds (method=163).
Two questions:
(i) Is there a way to force GSSAPI/SASL binds?
(ii) Even without connecting to the LDAP, I assume that the NFS4 Kerberos functionality is still present, as long as I've configured by Kerberos realm in FreeNAS?
Thanks so much!
I was very excited to see the new Kerberos announcements for 9.3, as I have an existing LDAP/Kerberos infrastructure. My infrastructure uses LDAP to store the Kerberos DB, and I have disabled simple binds against the LDAP server, instead using GSSAPI to authenticate against the stored Kerberos information.
In trying to get FreeNAS 9.3 connected to the LDAP server, I noticed that only simple binds are attempted (method=128) instead of GSSAPI/SASL binds (method=163).
Two questions:
(i) Is there a way to force GSSAPI/SASL binds?
(ii) Even without connecting to the LDAP, I assume that the NFS4 Kerberos functionality is still present, as long as I've configured by Kerberos realm in FreeNAS?
Thanks so much!
