I followed these instructions to enable kerberos within my realm/domain.
My FreeIPA, NFS server and my NFS client is CentOS 7.4
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/kerb-nfs.h...
I’m completely stuck in that when I mount the NFS share I get
Sudo mount -o sec=krb5p share.example.com:/data/shared /mnt/shared
“mount.nfs: access denied by server while mounting share.example.com:/data/shared”
My /etc/exports file /data/shared 172.16.0.0/24(sec=krb5p, rw, ...)
On my nfs server /var/log/messages all i see is
rpc.mountd[1674]: authenticated mount request from 172.16.0.23:819 for /data/shared (/data/shared)
If i remove the “sec=krb5p” from the mount and the exports file it mounts just fine.
-Kevin
Kevin Vasko via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
I followed these instructions to enable kerberos within my realm/domain.
My FreeIPA, NFS server and my NFS client is CentOS 7.4
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/kerb-nfs.h...
I’m completely stuck in that when I mount the NFS share I get
Sudo mount -o sec=krb5p share.example.com:/data/shared /mnt/shared
“mount.nfs: access denied by server while mounting share.example.com:/data/shared”
My /etc/exports file /data/shared 172.16.0.0/24(sec=krb5p, rw, ...)
On my nfs server /var/log/messages all i see is
rpc.mountd[1674]: authenticated mount request from 172.16.0.23:819 for /data/shared (/data/shared)
If i remove the “sec=krb5p” from the mount and the exports file it mounts just fine.
What messages to you see from rpc.gssd on the client (assuming you're using gssproxy)? Also, anything in gssproxy logs on the server or client?
Thanks, --Robbie
I actually ended up figuring this out. For whatever reasons NFS_SECURE=“yes” was not in the configuration file (/etc/sysconfig/nfs). Once I added that to the configuration on the NFS server and the client (not sure if it’s needed there or not) but it started working after resetting all the services.
Thanks for the reply.
-Kevin
On Nov 8, 2018, at 12:46 PM, Robbie Harwood rharwood@redhat.com wrote:
Kevin Vasko via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
I followed these instructions to enable kerberos within my realm/domain.
My FreeIPA, NFS server and my NFS client is CentOS 7.4
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/kerb-nfs.h...
I’m completely stuck in that when I mount the NFS share I get
Sudo mount -o sec=krb5p share.example.com:/data/shared /mnt/shared
“mount.nfs: access denied by server while mounting share.example.com:/data/shared”
My /etc/exports file /data/shared 172.16.0.0/24(sec=krb5p, rw, ...)
On my nfs server /var/log/messages all i see is
rpc.mountd[1674]: authenticated mount request from 172.16.0.23:819 for /data/shared (/data/shared)
If i remove the “sec=krb5p” from the mount and the exports file it mounts just fine.
What messages to you see from rpc.gssd on the client (assuming you're using gssproxy)? Also, anything in gssproxy logs on the server or client?
Thanks, --Robbie
freeipa-users@lists.fedorahosted.org