Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 27 Jan 2012 19:00:47 -0500 (EST)
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Yuri Pankov <yuri.pankov@gmail.com>
Cc:        freebsd-net@freebsd.org, Giulio Ferro <auryn@zirakzigil.org>, freebsd-stable@freebsd.org
Subject:   Re: kerberized NFS
Message-ID:  <708626908.299589.1327708847263.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <20120127183303.GG1070@sirius.xvoid.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
Yuri Pankov wrote:
> On Fri, Jan 27, 2012 at 06:58:47PM +0100, Giulio Ferro wrote:
> > I'm trying to setup a kerberized NFS system made of a server and a
> > client (both freebsd 9 amd64 stable)
> >
> > I've tried to follow this howto:
> > http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
> >
> > But couldn't get much out of it.
> >
> > First question : is this howto still valid or something more recent
> > should be followed? I've searched with Google but I've come up
> > empty.
> >
> > I've set up kerberos heimdal, created the dns entries for both
> > client and server, set up krb5.keytab and copied it to client, set
> > up nfs4 according to man nfsv4:
> >
> > (server)
> > cat /etc/exports
> > V4: /usr/src -sec=krb5:krb5i:krb5p
> >
> > and then tried to mount it from the client:
> >
> > mount_nfs -o ntfsv4,sec=krb5i,gssname=nfs
> > nfsinternal1.dcssrl.it:/usr/src /usr/src
> >
> > but it failed with :
> > [tcp] nfsinternal1.dcssrl.it:/usr/src: Permission denied
> >
> > Can you point me to something that I might have got wrong?
> 
> Not really related to Kerberos question, but.. Some problems here:
> - ntfsv4 - probably a typo
> - more serious one - V4: line specifies the ROOT of NFSv4 exported FS
> - nfsinternal1.dcssrl.it:/usr/src points to /usr/src/usr/src.
> 
> What you /etc/exports could look like (the way it works for me,
> doesn't
> mean that it's correct though):
> 
> /usr/src <options> <v3hosts>
> V4: / -sec=krb5:krb5i:krb5p <v4hosts>
> 
> 
> Yuri
Btw, Guilio, your email address bounces for me, so hopefully you
read the mailing list and see the previous messages.

rick

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?708626908.299589.1327708847263.JavaMail.root>