From owner-freebsd-stable@FreeBSD.ORG Fri Jan 27 18:33:06 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB9B2106566B; Fri, 27 Jan 2012 18:33:06 +0000 (UTC) (envelope-from yuri.pankov@gmail.com) Received: from sirius.xvoid.org (sirius.xvoid.org [IPv6:2001:470:28:4ba:20c:29ff:fe62:9a22]) by mx1.freebsd.org (Postfix) with ESMTP id 8C1718FC0C; Fri, 27 Jan 2012 18:33:06 +0000 (UTC) Received: from sirius.xvoid.org (yuri@sirius.xvoid.org [IPv6:::1]) by sirius.xvoid.org (8.14.5/8.14.5) with ESMTP id q0RIX3tq037687; Fri, 27 Jan 2012 22:33:03 +0400 (MSK) (envelope-from yuri.pankov@gmail.com) Received: (from yuri@localhost) by sirius.xvoid.org (8.14.5/8.14.5/Submit) id q0RIX3M7037686; Fri, 27 Jan 2012 22:33:03 +0400 (MSK) (envelope-from yuri.pankov@gmail.com) X-Authentication-Warning: sirius.xvoid.org: yuri set sender to yuri.pankov@gmail.com using -f Date: Fri, 27 Jan 2012 22:33:03 +0400 From: Yuri Pankov To: Giulio Ferro Message-ID: <20120127183303.GG1070@sirius.xvoid.org> References: <4F22E5D7.4000707@zirakzigil.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="SO98HVl1bnMOfKZd" Content-Disposition: inline In-Reply-To: <4F22E5D7.4000707@zirakzigil.org> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: "freebsd-net@freebsd.org" , freebsd-stable@freebsd.org Subject: Re: kerberized NFS X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jan 2012 18:33:07 -0000 --SO98HVl1bnMOfKZd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 27, 2012 at 06:58:47PM +0100, Giulio Ferro wrote: > I'm trying to setup a kerberized NFS system made of a server and a > client (both freebsd 9 amd64 stable) >=20 > I've tried to follow this howto: > http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup >=20 > But couldn't get much out of it. >=20 > First question : is this howto still valid or something more recent > should be followed? I've searched with Google but I've come up empty. >=20 > I've set up kerberos heimdal, created the dns entries for both > client and server, set up krb5.keytab and copied it to client, set > up nfs4 according to man nfsv4: >=20 > (server) > cat /etc/exports > V4: /usr/src -sec=3Dkrb5:krb5i:krb5p >=20 > and then tried to mount it from the client: >=20 > mount_nfs -o ntfsv4,sec=3Dkrb5i,gssname=3Dnfs=20 > nfsinternal1.dcssrl.it:/usr/src /usr/src > > but it failed with : > [tcp] nfsinternal1.dcssrl.it:/usr/src: Permission denied >=20 > Can you point me to something that I might have got wrong? Not really related to Kerberos question, but.. Some problems here: - ntfsv4 - probably a typo - more serious one - V4: line specifies the ROOT of NFSv4 exported FS - nfsinternal1.dcssrl.it:/usr/src points to /usr/src/usr/src. What you /etc/exports could look like (the way it works for me, doesn't mean that it's correct though): /usr/src V4: / -sec=3Dkrb5:krb5i:krb5p Yuri --SO98HVl1bnMOfKZd Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQIcBAABAgAGBQJPIu3fAAoJEF9SuVmZPGsqs0AP/i5DlKKBjM8r4grf0LkWLJmr p6A+AqhBHRE7Ei3I+XxwKGk1gI3uBYTgNpXFNeVlsv2Qf4R+2LdhDSmCj8Z3X16S Y+Ro+lbMP4++sUm44BCouxzx/a9TGzAeW8P9KZwG7DrdreBuVc5FI/WxbyxVTbrW QeEdh7oNhp/yj5S4AkX0Kd2/w1GcwPX/kK8PvdxSOJ6bzSnRvBRiXHq2A5Lm727g vrl+OmwqKf2ibAQQCqKVVfjr9PTR+UQjPeGJnw3lFokOfz4grqDM11aZEtdTK8WT 4aUaarswptDpHEGp7KM9NePa2AqvatlWjfU6u9n66+yg1QyoSVAwrKVacXnNt81k uAHEk0eoI8PSWyunZ0CjAFf7DNe0KcyCgJ8oWqSZSRhuE9yCQ0dSUQtfA5LpRS0n HM6ZPTlcaBqrMxlpaEGHa1dXoQZ75ZnZz2cG/xRTZAhz86rfmqVA3Rl0NxzWBi/+ RcpR7RmuIvzXP0/OcA4WMCmxUU1mmD0MTJNrg++naTVEBS40ulme1bh/y8KbeQin EwiyeNx9t6EXyG/43EqeYUkkMNxke4uvO4Dt98bRhpUG68/I3pqpClLozD46sFRv ZeKvL7z+yBkk6IsHdX/SgMdV262OnCVLezqntDWVQAR9yd6u62hy4gzGbcTtGvsD pNQLZCdWUYo0gaWIdLFH =OhN3 -----END PGP SIGNATURE----- --SO98HVl1bnMOfKZd--