From owner-freebsd-net@FreeBSD.ORG Sat Sep 7 11:50:08 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 2718FE4E; Sat, 7 Sep 2013 11:50:08 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-annu.net.uoguelph.ca (esa-annu.mail.uoguelph.ca [131.104.91.36]) by mx1.freebsd.org (Postfix) with ESMTP id CE1782C03; Sat, 7 Sep 2013 11:50:07 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AqMEAMURK1KDaFve/2dsb2JhbABbgz9Rgyq+VYE8dIIlAQEBAwEBAQEgKyALBRYOCgICDQUBEwIpAQkmBggHBAEcBIdbBgyxFpEhgSmNHoEFATMHEgGCVoE0A5Usg3iQN4M8IDJ8Bxci X-IronPort-AV: E=Sophos;i="4.90,859,1371096000"; d="scan'208";a="49847019" Received: from muskoka.cs.uoguelph.ca (HELO zcs3.mail.uoguelph.ca) ([131.104.91.222]) by esa-annu.net.uoguelph.ca with ESMTP; 07 Sep 2013 07:50:06 -0400 Received: from zcs3.mail.uoguelph.ca (localhost.localdomain [127.0.0.1]) by zcs3.mail.uoguelph.ca (Postfix) with ESMTP id 2B985B3F4B; Sat, 7 Sep 2013 07:50:06 -0400 (EDT) Date: Sat, 7 Sep 2013 07:50:06 -0400 (EDT) From: Rick Macklem To: Martin Laabs Message-ID: <955745639.19718288.1378554606139.JavaMail.root@uoguelph.ca> In-Reply-To: <522AFD9D.9010500@martinlaabs.de> Subject: Re: nfsv4 fails with kerberos MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [172.17.91.201] X-Mailer: Zimbra 7.2.1_GA_2790 (ZimbraWebClient - FF3.0 (Win)/7.2.1_GA_2790) Cc: freebsd-net@freebsd.org, freebsd-arm X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Sep 2013 11:50:08 -0000 Martin Laabs wrote: > Hi, > > I set up a nfsv4 server with kerberos but when starting the nfs > server on > the arm (RBI-B) board I get the following error message and the first > (managing part) of the nfs exits: > > "nfsd: can't register svc name" > > This error message is produced by the following code in > /usr/src/sys/fs/nfsserver/nfs_nfsdkrpc.c: > > > ==================:<======================= > /* An empty string implies AUTH_SYS only. */ > if (principal[0] != '\0') { > ret2 = rpc_gss_set_svc_name_call(principal, > "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2); > ret3 = rpc_gss_set_svc_name_call(principal, > "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3); > ret4 = rpc_gss_set_svc_name_call(principal, > "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER4); > > if (!ret2 || !ret3 || !ret4) > printf("nfsd: can't register svc name\n"); > ==================:<======================= > > So something went wrong with the principals. Is there a way to get > more > information or more verbose debugging output from the nfs-server part > of > the kernel? > The above message normally indicates that the gssd daemon isn't running. Here's a few places you can get info: man nfsv4, gssd http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup - This was done quite a while ago and I should ggo in and update it, but I think it is still mostly correct for server side. (The client in head/10 now does have "host based initiator cred" support.) Feel free to update it. All you should need to do so is a Google login. You need a service principal for "nfs", which means an entry for a principal that looks like: nfs/.@ (Stuff in "<>" needs to be filled in with the answer for your machine.) in /etc/krb5.keytab i the server. rick > Thank you, > Martin Laabs > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" >