Date: Thu, 4 Oct 2018 12:55:39 +0200 From: Felix Winterhalter <felix@audiofair.de> To: freebsd-fs@freebsd.org Subject: NFSv4 Kerberos mount from Linux Message-ID: <30f6446c-6fed-4b1e-9cae-9c417974ec46@audiofair.de>
next in thread | raw e-mail | index | archive | help
Hello everyone, I've been trying to get a kerberized nfsv4 mount to work from a Debian Stretch client to a FreeBSD 11.2 server. My export file looks like: V4: / -sec=krb5p clients /testexport -maproot=root -sec=krb5p clients I am now trying to mount this directory as root first without having to deal with user keytabs or tickets. This works fine with -sec=sys and nfsv4.1 and nfsv3 and -sec=krb5p. This does not however work with nfsv4 and krb5p or any other krb5 flavor. The only errors we have been able to get is an error by gssd: gssd_pname_to_uid: failed major=0xd0000 minor=-1765328227 Searching for this error has lead us to an old entry in the mailing list: https://lists.freebsd.org/pipermail/freebsd-fs/2016-May/023132.html Which apparently has this problem unresolved with extremely similar symptoms. Mounting from the Linux client to a similar Linux server under the same KDC with nfsv4 krb5p works without any problem. Also access to the FreeBSD server with sshd and GSSAPI works fine. So the keytab for the FreeBSD host seems to work fine. This is extremely frustrating as I have been at this problem for days now without any real way to even debug the issue. Any help would be greatly appreciated.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?30f6446c-6fed-4b1e-9cae-9c417974ec46>