Date: Mon, 25 Jun 2012 13:21:18 +0200 From: Herbert Poeckl <freebsdml@ist.tugraz.at> To: freebsd-stable@FreeBSD.org Subject: Need help with nfsv4 and krb5 access denied Message-ID: <4FE849AE.3080902@ist.tugraz.at>
next in thread | raw e-mail | index | archive | help
Hi everybody. We are new to this list and need technical help. We are getting access denied error on our debian clients when mounting nfsv4 network drives with kerberos 5 authentication. What is wired about this, is that it works with one server, but not with a second server. The configuration on these both machines are identical, witch we have tested by booting from the same USB drive. The one where it works on is a Intel based standard workstation (HP DC7800). The machine where it does not work is a AMD Opteron based server (Sun X4540). Any other kerberos authentication (like smb and netatalk) works fine. We basically followed these instructions: http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup Our system configuration looks as follows: -- 8< ----------------------------------------- >8 -- root@tmp2:/root # uname -a FreeBSD tmp2.ist.intra 9.0-STABLE FreeBSD 9.0-STABLE #4: Thu Jun 14 08:58:14 UTC 2012 root@srv.ist.intra:/usr/obj/system/usr/src/sys/SRV amd64 root@tmp2:/root # diff /usr/src/sys/amd64/conf/GENERIC /usr/src/sys/amd64/conf/SRV 348a349,354 > > > options KGSSAPI > device crypto > > options NETATALK root@tmp2:/root # cat /etc/krb5.conf [libdefaults] default_realm = IST.INTRA forwardable = true proxiable = true root@tmp2:/root # ktutil list FILE:/etc/krb5.keytab: Vno Type Principal 1 aes256-cts-hmac-sha1-96 nfs/tmp2.ist.intra@IST.INTRA 1 des3-cbc-sha1 nfs/tmp2.ist.intra@IST.INTRA 1 arcfour-hmac-md5 nfs/tmp2.ist.intra@IST.INTRA ktutil: krb5_kt_start_seq_get krb4:/etc/srvtab: open(/etc/srvtab): No such file or directory root@tmp2:/root # cat /etc/exports V4: /tmp -sec=krb5p -network 192.168.1.0 -mask 255.255.255.0 /tmp/blah -sec=krb5p -network 192.168.1.0 -mask 255.255.255.0 root@tmp2:/root # root@tmp2:/root # less /var/run/dmesg.boot FreeBSD 9.0-STABLE #4: Thu Jun 14 08:58:14 UTC 2012 root@srv.ist.intra:/usr/obj/system/usr/src/sys/SRV amd64 CPU: Six-Core AMD Opteron(tm) Processor 2435 (2600.16-MHz K8-class CPU) Origin = "AuthenticAMD" Id = 0x100f80 Family = 10 Model = 8 Stepping = 0 Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT> Features2=0x802009<SSE3,MON,CX16,POPCNT> AMD Features=0xee500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM,3DNow!+,3DNow!> AMD Features2=0x37ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT> TSC: P-state invariant -- 8< ----------------------------------------- >8 -- Any help is greatly appreciated. Kind regards, Herbert Poeckl
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4FE849AE.3080902>