Configuring client for NFS
msimovic at concurrent-thinking.com
Thu Aug 21 07:27:18 EDT 2008
looks like you are forgetting -t nfs4 ?
mount -t nfs4 -o sec=krb 22.214.171.124:/mount /home/mount
also, how does your /etc/exports look like?
the way NFS4 exports work have been changed dramatically (regardless of
kerberos in place or not)
mine /etc/exports looks like this
# NFS4 exports
furthermore mounts need to be something like this
/dev/mapper/data-home /home ext3
defaults,noexec,nosuid,nodev,usrquota,grpquota 0 3
/home /export/home none bind 0 0
On Thu, 2008-08-21 at 16:38 +0530, abhishek chowdhury wrote:
> Now i am getting the ticket for nfs service also after re creating the
> pricncipals and keytab but still i am getting authentication error
> after the command
> mount -o sec=krb5 126.96.36.199:/mount /home/mount
> and according to the link
> (https://help.ubuntu.com/community/NFSv4Howto) i need to have only one
> entry for des but that is required only if client in non MAC ,in my
> case client is MAC , so i don\'t think there is any problem with
> entries for des.
> On 8/21/08, Martin Simovic <msimovic at concurrent-thinking.com> wrote:
> On Wed, 2008-08-20 at 23:00 -0700, Abhishek Chowdhury wrote:
> > > I want to set up NFS for kerberos authentication.
> > > I have created all the required principals and keytabs correctly and made an
> > > entry in etc/exports as
> > > /mount 188.8.131.52 -sec=krb5 -ro
> > >
> > > Now on client side after successful kinit i get the initial krbtgt ticket .
> > > after that when i am trying to run the command
> > > mount 184.108.40.206:/mount /home/mount
> > > I am getting permission denied and not getting the ticket for nfs .
> > > Is there any step to enable nfs for kerberos at client side.
> > > Any pointer will be very helpful. :working:
> > >
> > Might help if I point you to this docs
> > https://help.ubuntu.com/community/NFSv4Howto
> > will work for most recent distributions that do support NFS4
> > the problem where i was getting stuck was the fact that the
> > nfs/host.domain.com at REALM.TLD principal has to be extracted to the
> > keytab with the des encryption only (by default there is des and 3des -
> > won\'t work)
> > M.
> Abhishek Chowdhury
More information about the Kerberos