nfs not working with kerberos

Edward Murrell edward at murrell.co.nz
Thu May 10 17:09:46 EDT 2007


Your DNS looks like it's working correctly then.

I would guess that the client is trying to connect using NFSv3, and the
server is correctly complaining that the client is not listed for NFSv3
in /etc/exports.

Although it will generate huge amounts of text, try running the
following as root to help you debug. Sometimes you can get quite decent
debug messages:

/usr/sbin/rpc.gssd -fvvv
/usr/sbin/rpc.idmapd -fvvv

Cheers,
Edward

On Thu, 2007-05-10 at 10:27 +0200, Luca Lauretta wrote:
> >If you run;
> >host 130.251.17.158
> >What does it return? The output of ' hostname -s ' and ' hostname -f ' 
> >would be interesting as well.
> 
> output of host 130.251.17.158 :
> 
> 158.17.251.130.in-addr.arpa domain name pointer sughero.reti.dist.unige.it.  
> (yes there is also a final full point..maybe is this the problem? in this 
> case, what should i correct?)
> 
> output of hostname -s :
> 
> sughero
> 
> output of hostname -f
> 
> sughero.reti.dist.unige.it
> 
> 
> >Both the client In your /etc/krb5.keytab you should have the appropriate 
> >keytab for nfs/hostname@REALM
> >eg;
> >nfs/sequoia.reti.dist.unige.it@RETI.DIST.UNIGE.IT
> >with encryption type of; des-cbc-crc:normal
> 
> yep they have
> 
> 
> >* On the server, edit /etc/default/nfs-kernel-server, and set; 
> >NEED_SVCGSSD=yes
> 
> i tried it but it works if i want only kerberized nfsv4 mounts, in fact it 
> substitutes the mountd daemon with this one
> 
> >* On the client and the server add to /etc/default/nfs-common set; 
> >NEED_IDMAPD=yes
> >* On the client and the server add to /etc/default/nfs-common set; 
> >NEED_GSSD=yes
> >* Create the /var/lib/nfs/rpc_pipefs directory
> >* Add to /etc/modules : rpcsec_gss_krb5
> >* Add to /etc/fstab: rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
> >* Add to /etc/fstab: nfsd /proc/fs/nfsd nfsd defaults 0 0
> 
> set yet
> 
> >* Add to /etc/modules : rpcsec_gss_krb5
> 
> i'll let you know about this possibility
> 
> 
> >Hope this helps!
> 
> thx for answering
> 
> 
> Luca Lauretta wrote:
> >hi i'm struggling in configuring nfsv4 working with mit kerberos v5
> >
> >
> >/etc/exports on server (sequoia)
> >
> >#/home/condivisa sughero.reti.dist.unige.it(rw,sync)
> >/home/condivisa gss/krb5(rw,fsid=0,insecure,no_subtree_check,no_root_squash)
> >#/home/prova sughero.reti.dist.unige.it(rw,sync)
> >/home/prova gss/krb5(rw,sync)
> >
> >(commented lines are to do more testing, same for different options in 
> >gss/krb5 lines; without kerberos i get to mount the filesystems)
> >
> >/etc/fstab on client (sughero)
> >
> >sequoia:/home/condivisa /home/importata nfs defaults,noauto,sec=krb5
> >sequoia:/home/prova /home/verifica nfs defaults,noauto,sec=krb5
> >
> >
> >
> >from server (sequoia) /var/log/daemon.log i get:
> >
> >localhost mountd[30504]: mount request from unknown host 130.251.17.158 for 
> >/home/condivisa (/home/condivisa)
> >
> >(130.251.17.158 is sughero, even if it says unknown host and i get to 
> >connect to sughero thru other services, like ssh)
> >
> >from client (sughero) /var/log/daemon.log i get:
> >
> >localhost rpc.gssd[7950]: WARNING: Failed to obtain machine credentials for 
> >connection to server sequoia.reti.dist.unige.it
> >
> >when i try to mount the filesystem (for example mount /home/importata) i 
> >get:
> >mount: sequoia:/home/condivisa failed, reason given by server: Permission 
> >denied (i use gnomed debian 2.14.3, no ldap netapp and similars)
> >
> >i hope you can find the solution, i'm going out crazy
> >
> >thank you
> >
> 
> 
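
The checklist quoted in this thread can be checked mechanically against a host's files. The script below is an added example, not part of the original messages; the function names `check_nfs_krb5` and `need_line` are hypothetical, and it assumes the items the thread lists without a role apply to both client and server.

```shell
#!/bin/sh
# Added example: audits the checklist quoted in this thread against a file tree.
# check_nfs_krb5 ROOT ROLE
#   ROOT: "" or "/" for the live host, or a directory holding a copy of /etc and /var
#   ROLE: "client" or "server"
# Prints one "MISSING: ..." line per unmet item and returns 1 if any are unmet.
# The keytab entry (nfs/hostname@REALM) is not checked here.

# need_line FILE REGEX LABEL: FILE must contain a line matching REGEX.
# The regexes are anchored at line start so commented-out settings do not count.
need_line() {
    if ! grep -Eq "$2" "$root$1" 2>/dev/null; then
        echo "MISSING: $3 in $1"
        missing=$((missing + 1))
    fi
}

check_nfs_krb5() {
    root=${1%/}; role=$2; missing=0
    s='[[:space:]]'

    need_line /etc/default/nfs-common "^$s*NEED_IDMAPD=\"?yes" "NEED_IDMAPD=yes"
    need_line /etc/default/nfs-common "^$s*NEED_GSSD=\"?yes" "NEED_GSSD=yes"
    if [ "$role" = server ]; then
        need_line /etc/default/nfs-kernel-server "^$s*NEED_SVCGSSD=\"?yes" "NEED_SVCGSSD=yes"
    fi
    need_line /etc/modules "^$s*rpcsec_gss_krb5$s*\$" "rpcsec_gss_krb5"
    need_line /etc/fstab "^$s*rpc_pipefs$s+/var/lib/nfs/rpc_pipefs$s+rpc_pipefs$s" "rpc_pipefs mount"
    need_line /etc/fstab "^$s*nfsd$s+/proc/fs/nfsd$s+nfsd$s" "nfsd mount"

    if [ ! -d "$root/var/lib/nfs/rpc_pipefs" ]; then
        echo "MISSING: directory /var/lib/nfs/rpc_pipefs"
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ]
}
```

Run it as `check_nfs_krb5 / server` on sequoia and `check_nfs_krb5 / client` on sughero before turning on the verbose `rpc.gssd` and `rpc.idmapd` output.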



