5:22 p.m.
I followed these instructions to enable kerberos within my realm/domain.
My FreeIPA, NFS server and my NFS client is CentOS 7.4
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/kerb-nf...
I’m completely stuck in that when I mount the NFS share I get
Sudo mount -o sec=krb5p share.example.com:/data/shared /mnt/shared
“mount.nfs: access denied by server while mounting share.example.com:/data/shared”
My /etc/exports file
/data/shared 172.16.0.0/24(sec=krb5p, rw, ...)
On my nfs server /var/log/messages all i see is
rpc.mountd[1674]: authenticated mount request from 172.16.0.23:819 for /data/shared
(/data/shared)
If i remove the “sec=krb5p” from the mount and the exports file it mounts just fine.
-Kevin
12:46 p.m.
New subject: Getting access denied when using kerberos when mounting nfs share
Kevin Vasko via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
writes:
I followed these instructions to enable kerberos within my
realm/domain.
My FreeIPA, NFS server and my NFS client is CentOS 7.4
https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/kerb-nf...
I’m completely stuck in that when I mount the NFS share I get
Sudo mount -o sec=krb5p share.example.com:/data/shared /mnt/shared
“mount.nfs: access denied by server while mounting share.example.com:/data/shared”
My /etc/exports file
/data/shared 172.16.0.0/24(sec=krb5p, rw, ...)
On my nfs server /var/log/messages all i see is
rpc.mountd[1674]: authenticated mount request from 172.16.0.23:819 for /data/shared
(/data/shared)
If i remove the “sec=krb5p” from the mount and the exports file it mounts just fine.
What messages to you see from rpc.gssd on the client (assuming you're
using gssproxy)? Also, anything in gssproxy logs on the server or
client?
Thanks,
--Robbie
2:11 p.m.
New subject: Getting access denied when using kerberos when mounting nfs share
I actually ended up figuring this out. For whatever reasons NFS_SECURE=“yes” was not in
the configuration file (/etc/sysconfig/nfs). Once I added that to the configuration on the
NFS server and the client (not sure if it’s needed there or not) but it started working
after resetting all the services.
Thanks for the reply.
-Kevin
> On Nov 8, 2018, at 12:46 PM, Robbie Harwood <rharwood(a)redhat.com> wrote:
>
> Kevin Vasko via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
> writes:
>
>> I followed these instructions to enable kerberos within my realm/domain.
>>
>> My FreeIPA, NFS server and my NFS client is CentOS 7.4
>>
>> https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/kerb-nf...
>>
>> I’m completely stuck in that when I mount the NFS share I get
>>
>> Sudo mount -o sec=krb5p share.example.com:/data/shared /mnt/shared
>>
>> “mount.nfs: access denied by server while mounting
share.example.com:/data/shared”
>>
>> My /etc/exports file
>> /data/shared 172.16.0.0/24(sec=krb5p, rw, ...)
>>
>> On my nfs server /var/log/messages all i see is
>>
>> rpc.mountd[1674]: authenticated mount request from 172.16.0.23:819 for
/data/shared (/data/shared)
>>
>> If i remove the “sec=krb5p” from the mount and the exports file it mounts just
fine.
>
> What messages to you see from rpc.gssd on the client (assuming you're
> using gssproxy)? Also, anything in gssproxy logs on the server or
> client?
>
> Thanks,
> --Robbie
1989
days inactive
1991
days old
freeipa-users@lists.fedorahosted.org
2 comments
2 participants
participants (2)
-
Kevin Vasko -
Robbie Harwood