Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 4 Oct 2018 12:55:39 +0200
From:      Felix Winterhalter <felix@audiofair.de>
To:        freebsd-fs@freebsd.org
Subject:   NFSv4 Kerberos mount from Linux
Message-ID:  <30f6446c-6fed-4b1e-9cae-9c417974ec46@audiofair.de>

next in thread | raw e-mail | index | archive | help
Hello everyone,

I've been trying to get a kerberized nfsv4 mount to work from a Debian
Stretch client to a FreeBSD 11.2 server.

My export file looks like:

V4: / -sec=krb5p clients

/testexport -maproot=root -sec=krb5p clients

I am now trying to mount this directory as root first without having to
deal with user keytabs or tickets.

This works fine with -sec=sys and nfsv4.1 and nfsv3 and -sec=krb5p. This
does not however work with nfsv4 and krb5p or any other krb5 flavor.

The only errors we have been able to get is an error by gssd:

gssd_pname_to_uid: failed major=0xd0000 minor=-1765328227

Searching for this error has lead us to an old entry in the mailing list:

https://lists.freebsd.org/pipermail/freebsd-fs/2016-May/023132.html

Which apparently has this problem unresolved with extremely similar
symptoms.

Mounting from the Linux client to a similar Linux server under the same
KDC with nfsv4 krb5p works without any problem.

Also access to the FreeBSD server with sshd and GSSAPI works fine. So
the keytab for the FreeBSD host seems to work fine.

This is extremely frustrating as I have been at this problem for days
now without any real way to even debug the issue.

Any help would be greatly appreciated.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?30f6446c-6fed-4b1e-9cae-9c417974ec46>