From owner-freebsd-net@FreeBSD.ORG Sat Jan 28 00:00:48 2012 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 569FF1065670 for ; Sat, 28 Jan 2012 00:00:48 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-jnhn.mail.uoguelph.ca (esa-jnhn.mail.uoguelph.ca [131.104.91.44]) by mx1.freebsd.org (Postfix) with ESMTP id F24B58FC08 for ; Sat, 28 Jan 2012 00:00:47 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ap4EAOY5I0+DaFvO/2dsb2JhbABEhQuqUIFyAQEFI0sLGxgCAg0ZAlkGiBemOpFYgS+CUIURAQUDHAQBCwEIAQYEAwMEEBIDgmYFAwMBAgcDFQEFCwcCAYNCgRYEiD+MW5Jr X-IronPort-AV: E=Sophos;i="4.71,583,1320642000"; d="scan'208";a="157160203" Received: from erie.cs.uoguelph.ca (HELO zcs3.mail.uoguelph.ca) ([131.104.91.206]) by esa-jnhn-pri.mail.uoguelph.ca with ESMTP; 27 Jan 2012 19:00:47 -0500 Received: from zcs3.mail.uoguelph.ca (localhost.localdomain [127.0.0.1]) by zcs3.mail.uoguelph.ca (Postfix) with ESMTP id 43A62B3F08; Fri, 27 Jan 2012 19:00:47 -0500 (EST) Date: Fri, 27 Jan 2012 19:00:47 -0500 (EST) From: Rick Macklem To: Yuri Pankov Message-ID: <708626908.299589.1327708847263.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: <20120127183303.GG1070@sirius.xvoid.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [172.17.91.203] X-Mailer: Zimbra 6.0.10_GA_2692 (ZimbraWebClient - FF3.0 (Win)/6.0.10_GA_2692) Cc: freebsd-net@freebsd.org, Giulio Ferro , freebsd-stable@freebsd.org Subject: Re: kerberized NFS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 Jan 2012 00:00:48 -0000 Yuri Pankov wrote: > On Fri, Jan 27, 2012 at 06:58:47PM +0100, Giulio Ferro wrote: > > I'm trying to setup a kerberized NFS system made of a server and a > > client (both freebsd 9 amd64 stable) > > > > I've tried to follow this howto: > > http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup > > > > But couldn't get much out of it. > > > > First question : is this howto still valid or something more recent > > should be followed? I've searched with Google but I've come up > > empty. > > > > I've set up kerberos heimdal, created the dns entries for both > > client and server, set up krb5.keytab and copied it to client, set > > up nfs4 according to man nfsv4: > > > > (server) > > cat /etc/exports > > V4: /usr/src -sec=krb5:krb5i:krb5p > > > > and then tried to mount it from the client: > > > > mount_nfs -o ntfsv4,sec=krb5i,gssname=nfs > > nfsinternal1.dcssrl.it:/usr/src /usr/src > > > > but it failed with : > > [tcp] nfsinternal1.dcssrl.it:/usr/src: Permission denied > > > > Can you point me to something that I might have got wrong? > > Not really related to Kerberos question, but.. Some problems here: > - ntfsv4 - probably a typo > - more serious one - V4: line specifies the ROOT of NFSv4 exported FS > - nfsinternal1.dcssrl.it:/usr/src points to /usr/src/usr/src. > > What you /etc/exports could look like (the way it works for me, > doesn't > mean that it's correct though): > > /usr/src > V4: / -sec=krb5:krb5i:krb5p > > > Yuri Btw, Guilio, your email address bounces for me, so hopefully you read the mailing list and see the previous messages. rick