NFS IO on kerberized export failing with permission denied error

parinay parinay at gmail.com
Mon Apr 14 06:26:25 EDT 2008 

Hi,

I am failing to do NFS io on a volume with sec=krb5. The logs are below, to
give you an exact idea.

-All clients and KDC are in time sync

-Every machine is reachable with hostname.

-kinit/kadmin works from client

-mount works but cd/ls fails on mounted path

-KDC -2.6.18-8.1.3.el5

-client-SunOS kc1b6 5.10 Generic_118855-33 i86pc i386 i86pc

-NFS exports from - Netapp filer


exportfs
/vol/vol1       -sec=krb5,rw,anon=0

options nfs.kerb
nfs.kerberos.enable          on
nfs.kerberos.file_keytab.enable on
nfs.kerberos.principal       rtpqa-fas6080-7.rtp.netapp.com
nfs.kerberos.realm           NAS.SSQA.RTP.NETAPP.COM
options kerb
kerberos.file_keytab.enable  on
kerberos.file_keytab.principal rtpqa-fas6080-7.rtp.netapp.com
kerberos.file_keytab.realm   NAS.SSQA.RTP.NETAPP.COM
kerberos.replay_cache.enable off

kadmin.local
Authenticating as principal root/admin at NAS.SSQA.RTP.NETAPP.COM with
password.
kadmin.local:  listprincs
K/M at NAS.SSQA.RTP.NETAPP.COM
changepw/kc1b8-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
kadmin/admin at NAS.SSQA.RTP.NETAPP.COM
kadmin/changepw at NAS.SSQA.RTP.NETAPP.COM
kadmin/history at NAS.SSQA.RTP.NETAPP.COM
kadmin/kc1b8-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
kiprop/kc1b8-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
krbtgt/NAS.SSQA.RTP.NETAPP.COM at NAS.SSQA.RTP.NETAPP.COM
nfs/kc1b6-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
nfs/rtpqa-fas3170-9-vif1.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
nfs/rtpqa-fas6080-7.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
parinay/admin at NAS.SSQA.RTP.NETAPP.COM
parinay/kc1b6-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
root/admin at NAS.SSQA.RTP.NETAPP.COM
root/kc1b6-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
kadmin.local:

klist -k /tmp/6080.keytab
Keytab name: FILE:/tmp/6080.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   3 nfs/rtpqa-fas6080-7.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
# klist -k /tmp/kc1b6.keytab
Keytab name: FILE:/tmp/kc1b6.keytab
KVNO Principal
----
--------------------------------------------------------------------------
   3 root/kc1b6-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
   3 parinay/kc1b6-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM
   3 nfs/kc1b6-e0.nas.ssqa.rtp.netapp.com at NAS.SSQA.RTP.NETAPP.COM

bash-3.00# cd /mnt/krb
bash: cd: /mnt/krb: Permission denied
bash-3.00#mount

/mnt/krb on rtpqa-fas6080-7:/vol/vol1
remote/read/write/setuid/devices/vers=3/sec=krb5/xattr/dev=4700013 on Mon
Apr 14 05:34:27 2008


-- 
easy is right
begin right and you're easy
continue easy and you're right
the right way to go easy is to forget the right way
and forget that the going is easy....

More information about the Kerberos mailing list