Date: Fri, 27 Jan 2012 18:57:24 -0500 (EST)
From: Rick Macklem <rmacklem@uoguelph.ca>
To: Yuri Pankov <yuri.pankov@gmail.com>
Cc: freebsd-net@freebsd.org, Giulio Ferro <auryn@zirakzigil.org>, freebsd-stable@freebsd.org
Subject: Re: kerberized NFS
Message-ID: <2004862701.299511.1327708644586.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <20120127183303.GG1070@sirius.xvoid.org>

Yuri Pankov wrote:
> On Fri, Jan 27, 2012 at 06:58:47PM +0100, Giulio Ferro wrote:
> > I'm trying to setup a kerberized NFS system made of a server and a
> > client (both freebsd 9 amd64 stable)
> >
> > I've tried to follow this howto:
> > http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
> >
> > But couldn't get much out of it.
> >
> > First question : is this howto still valid or something more recent
> > should be followed? I've searched with Google but I've come up
> > empty.
> >
> > I've set up kerberos heimdal, created the dns entries for both
> > client and server, set up krb5.keytab and copied it to client, set
> > up nfs4 according to man nfsv4:
> >
> > (server)
> > cat /etc/exports
> > V4: /usr/src -sec=krb5:krb5i:krb5p
> >
> > and then tried to mount it from the client:
> >
> > mount_nfs -o ntfsv4,sec=krb5i,gssname=nfs
> > nfsinternal1.dcssrl.it:/usr/src /usr/src
> >
> > but it failed with :
> > [tcp] nfsinternal1.dcssrl.it:/usr/src: Permission denied
> >
> > Can you point me to something that I might have got wrong?
>
> Not really related to Kerberos question, but.. Some problems here:
> - ntfsv4 - probably a typo
> - more serious one - V4: line specifies the ROOT of NFSv4 exported FS
> - nfsinternal1.dcssrl.it:/usr/src points to /usr/src/usr/src.
>
> What your /etc/exports could look like (the way it works for me,
> doesn't mean that it's correct though):
>
> /usr/src <options> <v3hosts>
> V4: / -sec=krb5:krb5i:krb5p <v4hosts>
>
Yes. If you specify "/", then the tree starts at the root. The main problem
with doing this is that, for ZFS, you then have to export all file systems
from "/" down to where you want to mount. (Again, these are done by export
lines separate from the "V4:" line.)

If you specify:

V4: /usr/src -sec=krb5:krb5i:krb5p
/usr/src -sec=krb5:krb5i:krb5p <host(s) or subnet>

then the client mounts /usr/src via:

% mount -t nfs -o nfsv4,sec=krb5i server:/ /mntpoint

rick

>
> Yuri
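
The path mapping discussed in this thread, as an added example that is not part of the original messages or of FreeBSD: a small checker that resolves the path given in an NFSv4 mount against the "V4:" root and reports whether the resulting server directory has its own export line. The function names and the -network/-mask host spec are constructed for illustration.

```python
import posixpath

# Constructed exports(5) samples; the -network/-mask host spec is a placeholder.
ORIGINAL = "V4: /usr/src -sec=krb5:krb5i:krb5p\n"
SUGGESTED = (
    "V4: /usr/src -sec=krb5:krb5i:krb5p\n"
    "/usr/src -sec=krb5:krb5i:krb5p -network 192.0.2.0 -mask 255.255.255.0\n"
)

def parse_exports(text):
    """Return (v4_root, exported_dirs) from exports(5)-style text."""
    v4_root, exported = None, set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "V4:" and len(fields) > 1:
            v4_root = posixpath.normpath(fields[1])
        else:
            # On an ordinary export line, fields starting with "/" are directories.
            exported.update(posixpath.normpath(f) for f in fields if f.startswith("/"))
    return v4_root, exported

def server_path(v4_root, client_path):
    """Server directory named by an NFSv4 mount of server:<client_path>."""
    return posixpath.normpath(posixpath.join(v4_root, client_path.lstrip("/")))

def check_mount(text, client_path):
    """Return a list of problems; an empty list means the path is exported."""
    v4_root, exported = parse_exports(text)
    if v4_root is None:
        return ["no V4: line, so there is no NFSv4 tree root"]
    target = server_path(v4_root, client_path)
    # Simplification: a path at or below an exported directory counts as covered;
    # file system boundaries (the ZFS case) are not modelled.
    covered = any(target == d or target.startswith(d.rstrip("/") + "/") for d in exported)
    return [] if covered else [f"{target} is not covered by any export line"]

if __name__ == "__main__":
    print(check_mount(ORIGINAL, "/usr/src"))   # resolves to /usr/src/usr/src
    print(check_mount(SUGGESTED, "/"))         # resolves to /usr/src, exported
```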