Hopefully a quick question.
Specs:
NFS Server 2008 R2 using AD 2003 FFL/DFL but forest prepped for 2008 R2 (Schema level 47)
NFS Authentication on Share set to Kerberos krb5i, Kerberos Krb5 and No server authentication (Auth_Sys)
Scenario:
Accessing an NFS share on the 2008R2 server from a Linux client.
Problem:
When I access the NFS share from Linux as a mapped user it allows me read/write permissions to the folder regardless of whether that AD user has NTFS permisisons to the share. Basically any Linux user that is mapped to a user/group in AD, regardless of NTFS permissions has read write access.
If I access the NFS share as a non mapped user I get access denied, which is as it should.
I have tried unticking the Auth_Sys Authentication option on the NFS share but this results in access denied on the Linux client despite the mapped user having modify access.
I have set the NFS server to log mapping errors but none show unless I try to access with an unmapped user.
Does anyone have any ideas?