[opensuse] nfsv4 kerberos problem
Hi,

I've set up an nfs4 server in Yast. I enabled gss security, created an nfs principal and extracted it to /etc/krb5.keytab. That seems OK because without the keytab, the nfsserver would not start.

Yast has created this:

    cat /etc/exports
    /home *(fsid=0,crossmnt,rw,root_squash,sync,no_subtree_check)

    mount -t /server:/ /mnt

works fine, but makes no mention of Kerberos.

I've tried

    /home gss/krb5(fsid=0,crossmnt,rw,root_squash,sync,no_subtree_check)

and

    /home *(fsid=0,crossmnt,rw,root_squash,sync,no_subtree_check,sec=krb5)

both of which give:

    mount.nfs4: access denied by server while mounting server:/

as does

    mount -t nfs4 server:/ /mnt -o sec=krb5

The server starts OK:

    Jan 27 22:45:07 hh3 nfsserver[7449]: Starting kernel based NFS server: svcgssd idmapd mountd statd nfsd sm-notify..done

Kerberos is working OK elsewhere but what am I missing for the nfs service? What is the method to mount correctly kerberized? Is what I've done enough?

Thanks,
L x
On 27/01/12 22:56, lynn wrote:
Hi, I've set up an nfs4 server in Yast. I enabled gss security, created an nfs principal and extracted it to /etc/krb5.keytab. That seems OK because without the keytab, the nfsserver would not start. Kerberos is working. Users can authenticate.
Am getting somewhere but still need help. I've created a pseudo filesystem:

    hh3:/ # mkdir /export
    hh3:/ # mkdir /export/home
    hh3:/ # mount --bind /home /export/home

and edited:

    /etc/exports
    /export gss/krb5(rw,fsid=0,insecure,no_subtree_check,async)
    /export/home gss/krb5(rw,nohide,insecure,no_subtree_check,async)

It mounts OK:

    mount -t nfs4 hh3:/home /mnt -o sec=krb5

mount gives:

    hh3:/home/ on /mnt type nfs4 (rw,relatime,vers=4,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=krb5,clientaddr=192.168.1.3,minorversion=0,local_lock=none,addr=192.168.1.3)

and Kerberos responds:

    Kerberos: TGS-REQ HH3$@HH3.SITE from ipv4:192.168.1.3:35191 for nfs/hh3.hh3.site@HH3.SITE [canonicalize, renewable]
    Kerberos: TGS-REQ authtime: 2012-01-28T09:31:37 starttime: 2012-01-28T09:31:37 endtime: 2012-01-28T19:31:37 renew till: 2012-01-29T09:31:37

BUT, there are strange permissions on /mnt. ls -la gives:

    d????????? ? ? ? ? ? mnt

An authenticated Kerberos user gets:

    cd /mnt
    bash: cd: /mnt: Permission denied

And only root can enter. What is causing these permissions?

Any help most grateful.

Thanks
L x
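Added example, not part of the original posts: a small Python audit of the export lines quoted in both messages, reporting which RPC security flavor each entry accepts. It relies on two behaviours documented in exports(5): an entry with no sec= option accepts AUTH_SYS, and the gss/krb5 client name is the older spelling of sec=krb5. The function name audit_exports and the sample text are constructed here.

```python
import re

# Constructed sample: the four export lines quoted in the messages above.
SAMPLE_EXPORTS = """\
/home *(fsid=0,crossmnt,rw,root_squash,sync,no_subtree_check)
/home *(fsid=0,crossmnt,rw,root_squash,sync,no_subtree_check,sec=krb5)
/export gss/krb5(rw,fsid=0,insecure,no_subtree_check,async)
/export/home gss/krb5(rw,nohide,insecure,no_subtree_check,async)
"""

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}
# One "client(options)" group; clients listed without options are not covered.
CLIENT_RE = re.compile(r"(\S*?)\(([^)]*)\)")

def audit_exports(text):
    """Return one finding per (path, client) entry of exports(5)-style text.

    Backslash line continuations are not handled in this sketch.
    """
    findings = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue  # blank line, comment, or path with no client list
        path, rest = parts
        for client, optstr in CLIENT_RE.findall(rest):
            opts = [o for o in optstr.split(",") if o]
            flavors = []
            for o in opts:
                if o.startswith("sec="):
                    flavors.extend(o[4:].split(":"))
            if client.startswith("gss/"):
                flavors.append(client[4:])  # older client-name syntax
            if not flavors:
                flavors = ["sys"]  # no flavor given: AUTH_SYS is accepted
            findings.append({
                "path": path,
                "client": client or "*",
                "flavors": flavors,
                "kerberos_only": set(flavors) <= KRB_FLAVORS,
                "insecure_ports": "insecure" in opts,  # non-reserved source ports
                "async_writes": "async" in opts,
            })
    return findings

if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS):
        tag = "kerberos-only" if f["kerberos_only"] else "ACCEPTS NON-KERBEROS"
        print(f'{f["path"]:<13} {f["client"]:<9} {",".join(f["flavors"]):<5} {tag}')
```

Run against a real /etc/exports by passing the file's contents to audit_exports; entries reported as accepting sys can be mounted without a Kerberos ticket.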