Date: Fri, 27 Jan 2012 22:33:03 +0400 From: Yuri Pankov <yuri.pankov@gmail.com> To: Giulio Ferro <auryn@zirakzigil.org> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>, freebsd-stable@freebsd.org Subject: Re: kerberized NFS Message-ID: <20120127183303.GG1070@sirius.xvoid.org> In-Reply-To: <4F22E5D7.4000707@zirakzigil.org> References: <4F22E5D7.4000707@zirakzigil.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--SO98HVl1bnMOfKZd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jan 27, 2012 at 06:58:47PM +0100, Giulio Ferro wrote: > I'm trying to setup a kerberized NFS system made of a server and a > client (both freebsd 9 amd64 stable) >=20 > I've tried to follow this howto: > http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup >=20 > But couldn't get much out of it. >=20 > First question : is this howto still valid or something more recent > should be followed? I've searched with Google but I've come up empty. >=20 > I've set up kerberos heimdal, created the dns entries for both > client and server, set up krb5.keytab and copied it to client, set > up nfs4 according to man nfsv4: >=20 > (server) > cat /etc/exports > V4: /usr/src -sec=3Dkrb5:krb5i:krb5p >=20 > and then tried to mount it from the client: >=20 > mount_nfs -o ntfsv4,sec=3Dkrb5i,gssname=3Dnfs=20 > nfsinternal1.dcssrl.it:/usr/src /usr/src > > but it failed with : > [tcp] nfsinternal1.dcssrl.it:/usr/src: Permission denied >=20 > Can you point me to something that I might have got wrong? Not really related to Kerberos question, but.. Some problems here: - ntfsv4 - probably a typo - more serious one - V4: line specifies the ROOT of NFSv4 exported FS - nfsinternal1.dcssrl.it:/usr/src points to /usr/src/usr/src. What you /etc/exports could look like (the way it works for me, doesn't mean that it's correct though): /usr/src <options> <v3hosts> V4: / -sec=3Dkrb5:krb5i:krb5p <v4hosts> Yuri --SO98HVl1bnMOfKZd Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQIcBAABAgAGBQJPIu3fAAoJEF9SuVmZPGsqs0AP/i5DlKKBjM8r4grf0LkWLJmr p6A+AqhBHRE7Ei3I+XxwKGk1gI3uBYTgNpXFNeVlsv2Qf4R+2LdhDSmCj8Z3X16S Y+Ro+lbMP4++sUm44BCouxzx/a9TGzAeW8P9KZwG7DrdreBuVc5FI/WxbyxVTbrW QeEdh7oNhp/yj5S4AkX0Kd2/w1GcwPX/kK8PvdxSOJ6bzSnRvBRiXHq2A5Lm727g vrl+OmwqKf2ibAQQCqKVVfjr9PTR+UQjPeGJnw3lFokOfz4grqDM11aZEtdTK8WT 4aUaarswptDpHEGp7KM9NePa2AqvatlWjfU6u9n66+yg1QyoSVAwrKVacXnNt81k uAHEk0eoI8PSWyunZ0CjAFf7DNe0KcyCgJ8oWqSZSRhuE9yCQ0dSUQtfA5LpRS0n HM6ZPTlcaBqrMxlpaEGHa1dXoQZ75ZnZz2cG/xRTZAhz86rfmqVA3Rl0NxzWBi/+ RcpR7RmuIvzXP0/OcA4WMCmxUU1mmD0MTJNrg++naTVEBS40ulme1bh/y8KbeQin EwiyeNx9t6EXyG/43EqeYUkkMNxke4uvO4Dt98bRhpUG68/I3pqpClLozD46sFRv ZeKvL7z+yBkk6IsHdX/SgMdV262OnCVLezqntDWVQAR9yd6u62hy4gzGbcTtGvsD pNQLZCdWUYo0gaWIdLFH =OhN3 -----END PGP SIGNATURE----- --SO98HVl1bnMOfKZd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120127183303.GG1070>