To: freebsd-fs@freebsd.org
From: Felix Winterhalter
Subject: NFSv4 Kerberos mount from Linux
Message-ID: <30f6446c-6fed-4b1e-9cae-9c417974ec46@audiofair.de>
Date: Thu, 4 Oct 2018 12:55:39 +0200

Hello everyone,

I've been trying to get a kerberized nfsv4 mount to work from a Debian Stretch client to a FreeBSD 11.2 server.

My export file looks like:

    V4: / -sec=krb5p clients
    /testexport -maproot=root -sec=krb5p clients

I am now trying to mount this directory as root first without having to deal with user keytabs or tickets.

This works fine with -sec=sys and nfsv4.1 and nfsv3 and -sec=krb5p. This does not however work with nfsv4 and krb5p or any other krb5 flavor.

The only error we have been able to get is an error by gssd:

    gssd_pname_to_uid: failed major=0xd0000 minor=-1765328227

Searching for this error has led us to an old entry in the mailing list:

https://lists.freebsd.org/pipermail/freebsd-fs/2016-May/023132.html

Which apparently has this problem unresolved with extremely similar symptoms.

Mounting from the Linux client to a similar Linux server under the same KDC with nfsv4 krb5p works without any problem. Also access to the FreeBSD server with sshd and GSSAPI works fine. So the keytab for the FreeBSD host seems to work fine.

This is extremely frustrating as I have been at this problem for days now without any real way to even debug the issue.

Any help would be greatly appreciated.
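
The gssd line quoted in the message above can be split into its GSS-API and Kerberos parts; the following is an added example, not part of the original post or of FreeBSD's gssd. It assumes the minor status is a Kerberos com_err code, and the function name and the small krb5 offset table are illustrative choices to be checked against the installed krb5 headers.

```python
import re

# GSS-API routine errors: bits 16-23 of the major status (RFC 2744).
GSS_ROUTINE_ERRORS = {
    1: "GSS_S_BAD_MECH", 2: "GSS_S_BAD_NAME", 3: "GSS_S_BAD_NAMETYPE",
    4: "GSS_S_BAD_BINDINGS", 5: "GSS_S_BAD_STATUS", 6: "GSS_S_BAD_SIG",
    7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT", 9: "GSS_S_DEFECTIVE_TOKEN",
    10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
    12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE", 14: "GSS_S_BAD_QOP",
    15: "GSS_S_UNAUTHORIZED", 16: "GSS_S_UNAVAILABLE",
    17: "GSS_S_DUPLICATE_ELEMENT", 18: "GSS_S_NAME_NOT_MN",
}

KRB5_TABLE_BASE = -1765328384  # first code of the krb5 com_err table
# Assumed subset of krb5_err.et offsets; verify against the installed headers.
KRB5_OFFSETS = {141: "KRB5_CC_NOTFOUND", 156: "KRB5_KDC_UNREACH",
                157: "KRB5_NO_LOCALNAME"}

STATUS_RE = re.compile(r"major=(0x[0-9a-fA-F]+)\s+minor=(-?\d+)")


def decode_gssd_status(line):
    """Decode the major/minor status pair from one gssd log line."""
    m = STATUS_RE.search(line)
    if m is None:
        raise ValueError("no major=/minor= pair in line")
    major, minor = int(m.group(1), 16), int(m.group(2))
    routine = (major >> 16) & 0xFF
    # com_err codes: the low 8 bits index into a table, the rest selects it.
    offset = minor & 0xFF
    is_krb5 = (minor - offset) == KRB5_TABLE_BASE
    return {
        "calling_error": (major >> 24) & 0xFF,
        "routine_error": routine,
        "routine_name": GSS_ROUTINE_ERRORS.get(routine, "unknown"),
        "supplementary": major & 0xFFFF,
        "krb5_table": is_krb5,
        "krb5_offset": offset if is_krb5 else None,
        "krb5_name": KRB5_OFFSETS.get(offset, "unlisted") if is_krb5 else None,
    }


if __name__ == "__main__":
    # The error line quoted in the message above.
    line = "gssd_pname_to_uid: failed major=0xd0000 minor=-1765328227"
    for key, value in decode_gssd_status(line).items():
        print(f"{key}: {value}")
```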