[30229] in Kerberos


Re: Configuring client for NFS

daemon@ATHENA.MIT.EDU (Martin Simovic)
Thu Aug 21 07:28:34 2008

From: Martin Simovic <msimovic@concurrent-thinking.com>
To: abhishek chowdhury <abhishek.brave@gmail.com>
In-Reply-To: <7a0e8c200808210408p72fb2094w24152e676ae0bf51@mail.gmail.com>
Date: Thu, 21 Aug 2008 12:27:18 +0100
Message-Id: <1219318038.7753.12.camel@precision.lan.streamline-computing.com>
Mime-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

looks like you are forgetting -t nfs4?

mount -t nfs4 -o sec=krb5 17.201.112.127:/mount /home/mount

also, what does your /etc/exports look like?
the way NFS4 exports work has changed dramatically (regardless of
kerberos being in place or not)

my /etc/exports looks like this

# NFS4 exports
/export         gss/krb5(ro,fsid=0,no_subtree_check,crossmnt)
/export/home    gss/krb5(rw,no_subtree_check)

furthermore mounts need to be something like this

/dev/mapper/data-home	/home	ext3	defaults,noexec,nosuid,nodev,usrquota,grpquota	0	3

/home		/export/home	none		bind	0	0


Martin.

On Thu, 2008-08-21 at 16:38 +0530, abhishek chowdhury wrote:
> Now I am getting the ticket for the nfs service also after re-creating the
> principals and keytab, but still I am getting an authentication error
> after the command
> mount -o sec=krb5 17.201.112.127:/mount /home/mount
> 
> and according to the link
> (https://help.ubuntu.com/community/NFSv4Howto) I need to have only one
> entry for des, but that is required only if the client is non MAC; in my
> case the client is MAC, so I don't think there is any problem with
> entries for des.
> 
> 
> 
> On 8/21/08, Martin Simovic <msimovic@concurrent-thinking.com> wrote:
> On Wed, 2008-08-20 at 23:00 -0700, Abhishek Chowdhury wrote:
> > > I want to set up NFS for kerberos authentication.
> > > I have created all the required principals and keytabs correctly and made an
> > > entry in etc/exports as
> > > /mount 17.224.21.59 -sec=krb5 -ro
> > >
> > > Now on the client side, after a successful kinit, I get the initial krbtgt ticket.
> > > After that, when I am trying to run the command
> > > mount 17.201.112.127:/mount /home/mount
> > > I am getting permission denied and not getting the ticket for nfs.
> > > Is there any step to enable nfs for kerberos at the client side?
> > > Any pointer will be very helpful.
> > >
> >
> > Might help if I point you to these docs
> > https://help.ubuntu.com/community/NFSv4Howto
> >
> > will work for most recent distributions that do support NFS4
> > the problem where I was getting stuck was the fact that the
> > nfs/host.domain.com@REALM.TLD principal has to be extracted to the
> > keytab with the des encryption only (by default there is des and 3des -
> > won't work)
> >
> > M.
> >
> >
> 
> --
> Regards
> 
> Abhishek Chowdhury

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
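
Added example, not part of the thread: a shell lint for the server-side layout described in the reply above (exactly one fsid=0 pseudo-root, every client restricted to a gss/krb5 flavour, and each sub-export bind-mounted under the root in fstab). The function name check_nfs4_exports and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); check_nfs4_exports is a hypothetical name.
# Usage: check_nfs4_exports EXPORTS_FILE FSTAB_FILE
# Prints one line per finding; returns 0 only when there are none.
check_nfs4_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        FILENAME == ARGV[1] {                      # exports: path client(opts)...
            if ($0 ~ /fsid=(0|root)[,)]/) { roots++; root = $1 }
            else child[$1] = 1
            for (i = 2; i <= NF; i++)              # every client must be a gss flavour
                if ($i !~ /^gss\/krb5[ip]?\(/) {
                    print $1 ": client " $i " is not gss/krb5*"; bad++
                }
            next
        }
        $4 ~ /(^|,)bind(,|$)/ { bound[$2] = 1 }    # fstab: bind-mount targets
        END {
            if (roots != 1) {
                print "expected exactly one fsid=0 export, found " (roots + 0); bad++
            }
            pre = (root == "/") ? "/" : root "/"   # prefix sub-exports must share
            for (p in child) {
                if (roots == 1 && index(p, pre) != 1) {
                    print p ": not under pseudo-root " root; bad++
                }
                if (!(p in bound)) { print p ": no bind mount in fstab"; bad++ }
            }
            exit (bad > 0)
        }
    ' "$1" "$2"
}

# Constructed sample input that mirrors the layout shown in the message.
tmp=$(mktemp -d)
cat > "$tmp/exports" <<'EOF'
# NFS4 exports
/export         gss/krb5(ro,fsid=0,no_subtree_check,crossmnt)
/export/home    gss/krb5(rw,no_subtree_check)
EOF
cat > "$tmp/fstab" <<'EOF'
/dev/mapper/data-home /home        ext3 defaults,noexec,nosuid,nodev 0 3
/home                 /export/home none bind                         0 0
EOF
check_nfs4_exports "$tmp/exports" "$tmp/fstab" && echo "layout OK"
```

Run it against copies of the real /etc/exports and /etc/fstab; an export line that also lists a plain host or network client is reported, since that client would reach the share without Kerberos.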
