From: Rick Macklem
To: Giulio Ferro
Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org
Date: Tue, 12 Oct 2010 08:56:23 -0400 (EDT)
Subject: Re: nfsv4 with kgssapi
Message-ID: <933937287.513420.1286888183571.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <4CB457C4.2020205@zirakzigil.org>

> I'm trying to setup a nfs server which uses the kerberized rpc
> header, so to overcome the problem with 16 groups:
>
> http://www.mail-archive.com/freebsd-stable@freebsd.org/msg109809.html
>
>
> FreeBSD 8 amd64 stable last (yesterday)
>
> Following the man page for nfsv4 I have compiled the kernel with
> -----
> options KGSSAPI
> device crypto
> -----
>
> My files:
>
>
> /etc/exports
> -----
> V4: /mydir -sec=krb5:krb5i:krb5p -network 192.168.0 -mask
> 255.255.255.0

You also need an entry for the file system ("/mydir" ??) like:

/mydir -sec=krb5:krb5i:krb5p -network 192.168.0.0 -mask 255.255.255.0

(The V4: line only sets where the NFSv4 root is, it does not actually export
the file system, so something like the above line is needed as well.)

>
> /etc/rc.conf
> -----
> ...
> nfs_server_enable="YES"
> nfsv4_server_enable="YES"
> nfsuserd_enable="YES"
> gssd_enable="YES"
> ...
> -----
>
> All daemons start ok, but in the logs I see:
> nfsd[...]: no gssd, using AUTH_SYS only
>
> Even though gssd is up and running.
>

You need an entry in your default keytab file (/etc/krb5.keytab) for
the principal:
nfs/@
using encryption type des-cbc-crc.
If you don't have that, it might explain why it isn't working. Check
/var/log/messages for any indications that there is a problem.

Also, you might want to look at
http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
if you haven't done so already.

Good luck with it, rick
ps: Kerberized NFS works for NFSv3 as well.
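
The reply's point that a V4: line only sets the NFSv4 root and exports nothing can be checked mechanically before restarting the daemons. The sh/awk check below is an added example, not part of the original message or of FreeBSD; the function name check_v4_exports and both sample texts are constructed here, and it assumes the "V4: <root>" form with a space and compares paths as text.

```sh
#!/bin/sh
# Added example, not from the original thread.
# Flags a "V4:" root in exports(5) text that has no ordinary export line at or
# below it. Paths are compared as text (assumption); mount points are ignored.

check_v4_exports() {    # reads exports text on stdin; exit 1 if a root is uncovered
    awk '
        { sub(/#.*/, "") }                                            # strip comments
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }  # continuation
        { $0 = buf $0; buf = "" }
        NF == 0 { next }
        $1 == "V4:" { roots[$2] = 1; next }                           # NFSv4 root only
        { for (i = 1; i <= NF && $i ~ /^\//; i++) dirs[$i] = 1 }      # exported dirs
        END {
            for (r in roots) {
                base = r; sub(/\/+$/, "", base); found = 0
                for (d in dirs)
                    if (d == r || d == base || index(d, base "/") == 1) found = 1
                if (!found) { print "V4 root " r ": no file system exported"; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample: the exports file as quoted in the question.
sample_question() {
    cat <<'EOF'
V4: /mydir -sec=krb5:krb5i:krb5p -network 192.168.0 -mask 255.255.255.0
EOF
}

# Constructed sample: the same file with the export line from the reply added.
sample_reply() {
    cat <<'EOF'
/mydir -sec=krb5:krb5i:krb5p -network 192.168.0.0 -mask 255.255.255.0
V4: /mydir -sec=krb5:krb5i:krb5p -network 192.168.0 -mask 255.255.255.0
EOF
}

sample_question | check_v4_exports || echo "question's exports: incomplete"
sample_reply | check_v4_exports && echo "reply's exports: ok"
```

On a server the same function can be fed the live file with `check_v4_exports < /etc/exports`.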