Hi,
On Wed, Mar 18, 2020 at 4:37 PM Markus Roth via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi Daniel,
thanks for pointing out the faulty mounting options. I changed it, but the nfs share is not still mounted.
I also checked IPA service principal for NFS and both server and client principals exists. I delete all configurations and setup this step by step as described at redhat doc again.
Can you show how your automount entries look like in LDAP? We also need sssd debug logs. Put debug level to 6 or more, restart sssd and trigger the issue again.
Thank you, François
Regards / Mit freundlichen Grüßen,
Markus Roth
dbischof@hrz.uni-kassel.de hat am 16. März 2020 um 09:23 geschrieben:
Hi Markus,
On Sun, 15 Mar 2020, Markus Roth via FreeIPA-users wrote:
I configured an automount location in my freeipa:
#>automount -m
autofs dump map information
global options: none configured Mount point: /-
source(s): 100000000|lookup_read_map: lookup(sss): getautomntent_r: No such file or directory failed to read map
Mount point: /Share
source(s):
instance type(s): sss map: auto.public
public | -fstype=nfs4,rw.sec=krb5,soft,rsize=8192,rsize=8192 nfs.example.com:/ The /etc/exports on my nfs server looks as follows: /export/data *(rw,fsid=0,sec=krb5:krb5i:krb5p) When I mount the nfs share with the root user on the client:
kinit <user> mount -vvv -t nfs4 -o sec=krb5 idefix.example.com:/ /Share
The root user can access the files mounted on the /Share directory But the <user> itself get the message: "access denied"
automount the share on the directory failed. Nothing is mounted.
Any hints to solve this will be appreciated!
are you positively sure that you have a properly configured IPA service principal for NFS? Last time i had this, i simply forgot that. Also, there is a suspiciously looking dot in your mount options ("... rw.sec=krb5 ...").
Mit freundlichen Gruessen/With best regards,
--Daniel.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
On Wed, Mar 18, 2020 at 7:07 PM Markus Roth markus@die5roths.de wrote:
Hi François,
I was able to achieve a small success with manual mounting. Instead of the following mount command:
mount -t nfs4 -o sec=krb5 nfs-server.example.com:/ /<mountpoint>
I changed this up to:
mount -t nfs4 -o sec=krb5i nfs-server.example.com:/ /<mountpoint>
If this works, how is the NFS file system exported in the first place? This smells like it's exported krb5i-only, or krb5i+krb5p-only, not krb5.
See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/htm... for an explanation of the difference.
with that at least every user can access all directories and files from the workstation's mountpoint.
I will create the necessary log files and make them, as soon as possible, available.
Markus Roth
François Cami fcami@redhat.com hat am 18. März 2020 um 18:53 geschrieben:
Hi,
On Wed, Mar 18, 2020 at 4:37 PM Markus Roth via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi Daniel,
thanks for pointing out the faulty mounting options. I changed it, but the nfs share is not still mounted.
I also checked IPA service principal for NFS and both server and client principals exists. I delete all configurations and setup this step by step as described at redhat doc again.
Can you show how your automount entries look like in LDAP? We also need sssd debug logs. Put debug level to 6 or more, restart sssd and trigger the issue again.
Thank you, François
Regards / Mit freundlichen Grüßen,
Markus Roth
dbischof@hrz.uni-kassel.de hat am 16. März 2020 um 09:23 geschrieben:
Hi Markus,
On Sun, 15 Mar 2020, Markus Roth via FreeIPA-users wrote:
I configured an automount location in my freeipa:
#>automount -m
autofs dump map information
global options: none configured Mount point: /-
source(s): 100000000|lookup_read_map: lookup(sss): getautomntent_r: No such file or directory failed to read map
Mount point: /Share
source(s):
instance type(s): sss map: auto.public
public | -fstype=nfs4,rw.sec=krb5,soft,rsize=8192,rsize=8192 nfs.example.com:/ The /etc/exports on my nfs server looks as follows: /export/data *(rw,fsid=0,sec=krb5:krb5i:krb5p) When I mount the nfs share with the root user on the client:
kinit <user> mount -vvv -t nfs4 -o sec=krb5 idefix.example.com:/ /Share
The root user can access the files mounted on the /Share directory But the <user> itself get the message: "access denied"
automount the share on the directory failed. Nothing is mounted.
Any hints to solve this will be appreciated!
are you positively sure that you have a properly configured IPA service principal for NFS? Last time i had this, i simply forgot that. Also, there is a suspiciously looking dot in your mount options ("... rw.sec=krb5 ...").
Mit freundlichen Gruessen/With best regards,
--Daniel.
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
freeipa-users@lists.fedorahosted.org