Date:      Tue, 10 Feb 2015 09:00:53 +0100
From:      Sascha Frey <sf@techfak.net>
To:        freebsd-fs@freebsd.org
Subject:   Re: Unable to mount kerberized NFS share on Linux from FreeBSD 10.1 box
Message-ID:  <20150210080053.GA20995@TechFak.Uni-Bielefeld.DE>
In-Reply-To: <2131985962.2999032.1423524243651.JavaMail.root@uoguelph.ca>
References:  <20150209181747.GB9520@TechFak.Uni-Bielefeld.DE> <2131985962.2999032.1423524243651.JavaMail.root@uoguelph.ca>

Rick Macklem wrote:

[...]
>> I found only one error message in /var/log/messages:
>> nfsd: can't register svc name
>> 
>Well, this message indicates it isn't going to work.
>(This message means the nfsd couldn't register with the gssd daemon,
> so kerberized NFS won't work.) It is generated when the nfsd is
>started.
>
>The most common cause would be the gssd daemon not running when the
>nfsd daemon is started. If the gssd was running when the nfsd was started
>and this message is logged, there is a debug option on gssd that makes
>it chatty and that might indicate why it is failing.

gssd was running before nfsd was started.
This message does not appear if nfsd starts without gssd running,
but it does appear as soon as gssd is started (if nfsd is already running).

I started gssd in foreground mode (via gssd -d -v).
These messages appear when I start nfsd:
gssd_import_name: done major=0x0 minor=0
gssd_acquire_cred: done major=0x70000 minor=0
gssd_release_name: done major=0x0 minor=0
gssd_import_name: done major=0x0 minor=0
gssd_acquire_cred: done major=0x70000 minor=0
gssd_release_name: done major=0x0 minor=0
gssd_import_name: done major=0x0 minor=0
gssd_acquire_cred: done major=0x70000 minor=0
gssd_release_name: done major=0x0 minor=0

No log output when trying to mount NFS share on the Linux machine.


I tried to mount it on the server itself. I'm able
to mount, but I can't access any files...

[root@leonard ~]# mount -o sec=krb5 leonard.fs.cit-ec.net:/export/homes/sfrey /mnt 
[root@leonard ~]# su - sfrey
[sfrey@leonard ~]$ kinit
sfrey@TECHFAK.UNI-BIELEFELD.DE's Password: 
[sfrey@leonard ~]$ ls -lad /mnt
ls: /mnt: Permission denied
[sfrey@leonard ~]$ klist
Credentials cache: FILE:/tmp/krb5cc_21036
        Principal: sfrey@TECHFAK.UNI-BIELEFELD.DE

  Issued                Expires               Principal
Feb 10 08:54:31 2015  Feb 10 18:54:39 2015  krbtgt/TECHFAK.UNI-BIELEFELD.DE@TECHFAK.UNI-BIELEFELD.DE
Feb 10 08:54:36 2015  Feb 10 18:54:39 2015  nfs/leonard.fs.cit-ec.net@TECHFAK.UNI-BIELEFELD.DE

>
>Also, there is this wiki. It is somewhat out of date, but I don't think
>anything has changed w.r.t. the server side. (I'm not sure what the
>current status is w.r.t. keytab entries encrypted in newer ways than
>des-cbc-crc is.)
>https://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup

I'll take a look into it. Maybe I missed something.




Cheers,
Sascha


