Date: Fri, 08 Feb 2013 12:22:10 +1100 From: John Marshall <john.marshall@riverwillow.com.au> To: Janusz Bulik <januszbulik@googlemail.com> Cc: freebsd-stable@freebsd.org Subject: Re: NFSv4 + Kerberos permission denied Message-ID: <51145342.5090809@riverwillow.com.au> In-Reply-To: <CAMFg4WvJrzT7KB-4W_JnHH9CcPiK%2BcWHp6KJPEZg=-K2Cb-QzQ@mail.gmail.com> References: <CAMFg4WvJrzT7KB-4W_JnHH9CcPiK%2BcWHp6KJPEZg=-K2Cb-QzQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On 08/02/2013 01:05, Janusz Bulik wrote: > Hello, > I've got a little problem with NFSv4 + Kerberos. I can do a mount with > Kerberos with a valid ticket, but read-only. > After the mount -vvv -t nfs -o nfsv4,sec=krb5 nfsserver:/ /mount_test/ > I got "Permission denied" message when I try to mkdir or rm. As a root > mount and as a user mount (sysctl vfs.usermounts=1). > With -sec=sys it works read-write, but with -sec=krb5 read-only.. Am I right in supposing that you have never had this working? What you describe sounds symptomatic of nfsuserd not running - see nfsv4(4). sec=sys doesn't need nfsuserd to "work" but sec=krb5 does. If you mount with sec=krb5 and "ls -l /mount_test/" do you see in the listing the user and group names you expect, or just a bunch of numbers? The read-only access is probably what the filesystem permissions allow to "other" because, without nfsuserd, it can't map your kerberos principal to a uid. Of course, I could be wrong... -- John Marshall [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlEUU0sACgkQw/tAaKKahKLtEgCeNdCZMo3GeBCJuGXdwNh1tcYi vuUAn0+jQsvinuNOLj6jb1mgKB49S0td =Cdtz -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51145342.5090809>