Mailinglist Archive: opensuse (818 mails)

[opensuse] nfs4 kerberos with AD2008R2 - kinit success but mount failed
  • From: Nattapon Viroonsri <linuxbkk@xxxxxxxxx>
  • Date: Fri, 23 Sep 2011 11:43:03 +0700
  • Message-id: <CA+1OVfZrPqgcCC4w-NZ8ZdRYZYsH9ZkVi4_=NNvyHA0Z6_9QOg@mail.gmail.com>
Hi,

I am trying to use nfs4 authentication with Active Directory 2008.

I created keytab files with ktpass on AD and then transferred them to Linux,
and I also tried a dynamically generated keytab on Linux while joining the domain.
Both have the same issue.

kinit succeeds in authenticating, but mount still fails with permission denied.
Any suggestions would be appreciated.

nfs server: suse1.reuint.com (SLES11 SP1)
nfs client: krbclient.reuint.com (SLES11 SP1)
Windows2008 SP2 standard edition: ad2008.reuint.com (Windows2008R2 standard edition)


# ------ Both NFS Server and NFS Client can join domain ---------------


rcwinbind stop
rcnfsserver stop
net -Ureutadmin%'mypasswd' ads leave
net -Ureutadmin%'mypasswd' ads keytab flush
kdestroy
\rm /etc/krb5.keytab
\rm /tmp/kr*

net -Ureutadmin%'mypasswd' ads join createupn='nfs/suse1.reuint.com@xxxxxxxxxx'
net -Ureutadmin%'mypasswd' ads keytab add nfs

rcwinbind start


suse1:~/keytab # wbinfo -u
REUINT\administrator
REUINT\guest
REUINT\krbtgt
REUINT\reutadmin



suse1:~/keytab # ssh REUINT\\reutadmin@localhost
Password:
Last login: Tue Sep 20 10:13:54 2011 from localhost
Could not chdir to home directory /home/REUINT/reutadmin: No such file
or directory
REUINT\reutadmin@suse1:/>exit



#------- ON NFS Server -----------------------------------------

suse1:~/keytab # klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal

2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with CRC-32)
2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with RSA-MD5)
2 nfs/suse1.reuint.com@xxxxxxxxxx (ArcFour with HMAC/md5)
2 nfs/suse1@xxxxxxxxxx (DES cbc mode with CRC-32)
2 nfs/suse1@xxxxxxxxxx (DES cbc mode with RSA-MD5)
2 nfs/suse1@xxxxxxxxxx (ArcFour with HMAC/md5)

suse1:~/keytab # kinit -V -k nfs/suse1.reuint.com@xxxxxxxxxx
Authenticated to Kerberos v5


#------- ON NFS Client -----------------------------------------------

krbclient:~ # klist -ke

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
2 nfs/krbclient.reuint.com@xxxxxxxxxx (DES cbc mode with CRC-32)
2 nfs/krbclient.reuint.com@xxxxxxxxxx (DES cbc mode with RSA-MD5)
2 nfs/krbclient.reuint.com@xxxxxxxxxx (ArcFour with HMAC/md5)
2 nfs/krbclient@xxxxxxxxxx (DES cbc mode with CRC-32)
2 nfs/krbclient@xxxxxxxxxx (DES cbc mode with RSA-MD5)
2 nfs/krbclient@xxxxxxxxxx (ArcFour with HMAC/md5)

krbclient:~ # kinit -V -k nfs/krbclient.reuint.com
Authenticated to Kerberos v5


krbclient:~ # showmount -e suse1.reuint.com
Export list for suse1.reuint.com:
/media/nfs4server gss/krb5i,gss/krb5

krbclient:~ # mount -vvv -tnfs4 -o sec=krb5 suse1.reuint.com:/ /media/nfs/
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "suse1.reuint.com:/"
mount: node: "/media/nfs/"
mount: types: "nfs4"
mount: opts: "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "suse1.reuint.com:/"
mount: external mount: argv[2] = "/media/nfs/"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Tue Sep 20 11:05:15 2011
mount.nfs4: trying text-based options
'sec=krb5,addr=192.168.125.130,clientaddr=192.168.125.132'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting suse1.reuint.com:/

----------------------------------------------

Rgds,
Nattapon
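
Both `klist -ke` listings above contain only single-DES and ArcFour keys. The following is an added example, not part of the original post: it parses `klist -ke` output and reports, per principal, the key versions and encryption-type families present, flagging the ones deprecated for Kerberos (single DES by RFC 6649, 3DES and RC4 by RFC 8429) and whether any AES key exists. The function names and family labels are this example's own, and it assumes the plain `klist -ke` line layout shown in the post (no timestamp column).

```python
import re
from collections import defaultdict

# Constructed sample: the NFS server's `klist -ke` listing as quoted in the
# post (the realm is already redacted to "xxxxxxxxxx" there).
SAMPLE = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal

2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with CRC-32)
2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with RSA-MD5)
2 nfs/suse1.reuint.com@xxxxxxxxxx (ArcFour with HMAC/md5)
2 nfs/suse1@xxxxxxxxxx (DES cbc mode with CRC-32)
2 nfs/suse1@xxxxxxxxxx (DES cbc mode with RSA-MD5)
2 nfs/suse1@xxxxxxxxxx (ArcFour with HMAC/md5)
"""

# One keytab entry per line: "<kvno> <principal> (<enctype description>)".
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((.+)\)\s*$")
WEAK = {"des", "3des", "rc4"}  # this example's labels, not klist output

def family(desc):
    """Map a klist enctype description (old or new wording) to a family."""
    d = desc.lower()
    if "aes" in d:
        return "aes"
    if "arcfour" in d or "rc4" in d:
        return "rc4"
    if "triple" in d or "des3" in d:
        return "3des"
    return "des" if "des" in d else "other"

def audit(klist_output):
    """Return {principal: {"kvnos", "families", "weak", "has_aes"}}."""
    seen = defaultdict(lambda: {"kvnos": set(), "families": set()})
    for line in klist_output.splitlines():
        m = ENTRY.match(line)
        if m:  # header and blank lines do not match and are skipped
            kvno, principal, desc = m.groups()
            seen[principal]["kvnos"].add(int(kvno))
            seen[principal]["families"].add(family(desc))
    return {p: {"kvnos": sorted(v["kvnos"]),
                "families": sorted(v["families"]),
                "weak": sorted(v["families"] & WEAK),
                "has_aes": "aes" in v["families"]}
            for p, v in seen.items()}

if __name__ == "__main__":
    for principal, info in audit(SAMPLE).items():
        print(principal, info)
```

More than one value in `kvnos` for a principal means the keytab still holds keys from an earlier key version alongside the current one.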