From owner-freebsd-fs@freebsd.org Fri Oct 5 02:22:18 2018 Return-Path: Delivered-To: freebsd-fs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CCCA710C03EB for ; Fri, 5 Oct 2018 02:22:18 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-eopbgr670044.outbound.protection.outlook.com [40.107.67.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6EB538DB65 for ; Fri, 5 Oct 2018 02:22:18 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM (52.132.44.160) by YTOPR0101MB0921.CANPRD01.PROD.OUTLOOK.COM (52.132.43.157) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1207.18; Fri, 5 Oct 2018 02:22:17 +0000 Received: from YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM ([fe80::65af:417a:161f:f4eb]) by YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM ([fe80::65af:417a:161f:f4eb%3]) with mapi id 15.20.1207.021; Fri, 5 Oct 2018 02:22:17 +0000 From: Rick Macklem To: Felix Winterhalter , "freebsd-fs@freebsd.org" Subject: Re: NFSv4 Kerberos mount from Linux Thread-Topic: NFSv4 Kerberos mount from Linux Thread-Index: AQHUW9DS+OLl3kMYEUaTZ7pIOOpJR6UPKibngADATF4= Date: Fri, 5 Oct 2018 02:22:17 +0000 Message-ID: References: <30f6446c-6fed-4b1e-9cae-9c417974ec46@audiofair.de>, In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=rmacklem@uoguelph.ca; x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; YTOPR0101MB0921; 6:3NZLLIu11twd/tKR4ORUCZvkS1JTEhbC4tB8uU+ePkVSrFIUSrmtjU3ziEYMtP2kXpG+qrIFlPlqX10CTYXG9twZ1fJ/LMDmCgaBTo/FJPBAjXX050R8Xb/zMI7cI5dXay0u2kHymy7mAf0mUED0R2HwX3St0WzwzIQZMX+eZpoJ1BoNZN6OjUi4zCv5QbDbJiDa9Lp7HptgI38flbRAPvsfrnr2lPscXbIfej9MKm769diyTYTqwSlVSzb9+1SK8zz53Aa0CceLFg+vnlAKsWCP+Ss1CCZiD3Xi004IEnA87R2zhh6FKaZ8IBIGruH7L5Rx/WuQxxtWTH/aC41S6B5B5ulyQD+eYB0F1UTeuyHT8m0Xl2KfsFreoXy+wDo5j8xWmP2qa0BlMj/syzSfHoJdmdqWq5R9PMGbr+14/ta+Jlzln0XK3Ein1I10cwJfrujUD2MDXce/HYYgjBH6ew==; 5:7ATJ5Z0gkX46HFlnmVTuZhgZMB1MxtFLjRQ5r7ovqNzf5/2NDszwMqYB5IF88iTka0U0+eFW8w2MuvJoeaKIpf7XUW9Hip/9ELo3F0s/P7G3r5f+nT9VbFn+nU7Gu8QwjHwvxFn97XxqPMz6Bc4OGj76bfjtsZt1QjRkc8BTCa0=; 7:kmaO0JjcxBQLvNeCxXgJuVEwkKFIwY0NyXfUbBcUR4NMn5gdDeCn2PuTcXEOJV9w6ygSaQuGrgH9xoT8PzX9QhpkSIRnJ9MdWYEiNMSVI9CAJJxPyArGVRAAtHDyrMZVPrDGPmBm8KmOSeM9l+znEBbNRDOy07EIyq1L/wQ6AIw65MUG9Plf41KkLsGXKJDk6OqZN3tn3T59ZBsXXQ7DUW87SSCV8xrrC715uCrYX3xwI0DRdI8TYELk8GaSgQgQ x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: 37216fc2-646f-48a1-b41b-08d62a695efc x-microsoft-antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:YTOPR0101MB0921; x-ms-traffictypediagnostic: YTOPR0101MB0921: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863); x-ms-exchange-senderadcheck: 1 x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(3231355)(944501410)(52105095)(10201501046)(149066)(150057)(6041310)(20161123560045)(20161123564045)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(201708071742011)(7699051)(76991048); SRVR:YTOPR0101MB0921; BCL:0; PCL:0; RULEID:; SRVR:YTOPR0101MB0921; x-forefront-prvs: 0816F1D86E x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(376002)(346002)(136003)(396003)(39860400002)(189003)(199004)(46003)(446003)(71200400001)(6246003)(9686003)(55016002)(74482002)(71190400001)(8676002)(8936002)(81166006)(6436002)(186003)(81156014)(2900100001)(11346002)(53936002)(106356001)(105586002)(110136005)(102836004)(229853002)(97736004)(5250100002)(5660300001)(6506007)(256004)(25786009)(99286004)(74316002)(86362001)(786003)(76176011)(316002)(2906002)(7696005)(33656002)(2501003)(305945005)(14454004)(68736007)(478600001)(476003)(486006); DIR:OUT; SFP:1101; SCL:1; SRVR:YTOPR0101MB0921; H:YTOPR0101MB1820.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: uoguelph.ca does not designate permitted sender hosts) x-microsoft-antispam-message-info: 8/90bx24ihlbkrjjQJ5bmzDfn219Z0wpUh5DetLleyFbDgRDv3XJSNQ1TdsgmI+b4gG8U2AVpsjKXt+r6Tfb+lDQd63v1woD12knZaYopMCUdJlgZhQTw0O5qxXoyjQYI4Im8rQD5kgipqdmsUK3hS6YNgOOIfjZg6ATEPn9K+9oeveDi8LWQ/EE7AJg0EOyWYNT2G+scBlShLNPAduM1ew53ID9N8nlI4Be6K5W05+jDkRqKxfl9CFnh1Ye6FzK3h1s4aCJt77ydQ2EXWLp+ZorrQJdl0XK/rm9pmlc69RqcK2Cq0JOSVnO543Js8wUDffRuPFH7Itv7wiz5nspV+qhNb7Isa0ZED0nvLmAmqk= spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: uoguelph.ca X-MS-Exchange-CrossTenant-Network-Message-Id: 37216fc2-646f-48a1-b41b-08d62a695efc X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2018 02:22:17.2545 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTOPR0101MB0921 X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Oct 2018 02:22:19 -0000 I wrote: [stuff snipped] Btw, if you only mounting "/testexport", you can specify the "V4:" as "if you are only.." typo [more stuff snipped] >Btw, in case the Linux client is falling back on using AUTH_SYS at some po= int >during the mount, you could try allowing both krb5 and auth_sys by setting >"-sec=3Dsys,krb5,krb5i,krb5p" for both of the above lines. (I'd also sugge= st you Oops, the syntax is "-sec=3Dsys:krb5:krb5i:krb5p" (':'s and not ','s) And if you want to capture packets during a Linux mount attempt, you can run this on the FreeBSD server: # tcpdump -s 0 -w out.pcap host However you will want to look at out.pcap in wireshark, since it can decode= NFS. Good luck with it and please let us know if you learn more, rick