Date: Sun, 6 Feb 2022 17:42:56 +0100
From: Arno Thuber <anothatuber@gmail.com>
To: freebsd-fs@freebsd.org
Subject: Kerberized NFSv4: wrong security flavor
Message-ID: <CAFNeAzH59yLZut8WuWoi84QtuKQQ-LZZ21M_ck5A2owFUQM%2B8A@mail.gmail.com>

Hello there,

for weeks I've been trying to get kerberized NFSv4 working on a FreeBSD server.
Originally I tried using a Linux client which didn't work, so I now
switched to a FreeBSD client which doesn't work either but with another
error. Remark: Linux server and client are working with the same KDC.

It feels like I've read each and every tutorial on kerberized NFS but just
don't see the error.

But now for the error on the FreeBSD client:

root@freebsd-client: # mount -vvv -o nfsv4,sec=krb5 freebsd.fqdn:/srv/nfsshare /mnt/nfs/
mount_nfs: nmount: /mnt/nfs, wrong security flavor

And what Wireshark shows fits the message:

Remote Procedure Call, Type:Call XID:0x69cd8522
    Fragment header: Last fragment, 152 bytes
    XID: 0x69cd8522 (1775076642)
    Message Type: Call (0)
    RPC Version: 2
    Program: NFS (100003)
    Program Version: 4
    Procedure: COMPOUND (1)
    [The reply to this request is in frame 16]
    Credentials
        Flavor: AUTH_UNIX (1)
        Length: 56
        Stamp: 0x61ffd269
        Machine Name: freebsd-client.local.eyserver.de
            length: 32
            contents: freebsd-client.local.eyserver.de
        UID: 0
        GID: 0
        Auxiliary GIDs (1) [5]
    Verifier
        Flavor: AUTH_NULL (0)
        Length: 0

GSSD is running and also seems to be in the loop (shows output on mount
when run as gssd -vhd) but it seems to just ignore the request for
krb5 right away.

Do you have any ideas on this? Or at least what I can do to debug this?

FreeBSD used is 13.0-RELEASE.

Regards,
Arno
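
The credential fields shown in the Wireshark dump above can also be read out of a capture programmatically. The following Python parser for the header of a record-marked ONC RPC call is an added example, not part of the original e-mail; `parse_call`, `build_call` and `SAMPLE_CRED` are names made up here, and the sample bytes are constructed from the values in the dump. A call sent with sec=krb5 in effect carries RPCSEC_GSS (flavor 6) in `cred_flavor` instead of AUTH_UNIX.

```python
import struct

# RPC auth flavor numbers (RFC 5531); sec=krb5 should produce RPCSEC_GSS (RFC 2203).
FLAVORS = {0: "AUTH_NULL", 1: "AUTH_UNIX", 2: "AUTH_SHORT", 3: "AUTH_DH", 6: "RPCSEC_GSS"}
GSS_SERVICES = {1: "none (krb5)", 2: "integrity (krb5i)", 3: "privacy (krb5p)"}

def xdr_opaque(data):
    """Encode an XDR opaque/string: length, bytes, zero padding to 4 bytes."""
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)

def parse_call(record):
    """Decode the header of one record-marked (TCP) RPC call message."""
    flen = int.from_bytes(record[:4], "big") & 0x7FFFFFFF   # drop last-fragment bit
    body = record[4:4 + flen]
    if len(body) < 40 or len(body) != flen:
        raise ValueError("truncated RPC call")
    xid, mtype, rpcvers, prog, vers, proc, cflavor, clen = struct.unpack_from(">8I", body)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    vpos = 32 + clen + (-clen % 4)          # verifier follows the padded credential
    if clen > 400 or vpos + 8 > len(body):  # opaque_auth bodies are at most 400 bytes
        raise ValueError("bad credential length")
    cred = body[32:32 + clen]
    out = {"xid": xid, "program": prog, "version": vers, "procedure": proc,
           "cred_flavor": FLAVORS.get(cflavor, str(cflavor)),
           "verf_flavor": FLAVORS.get(struct.unpack_from(">I", body, vpos)[0], "other")}
    try:
        if cflavor == 1:                    # authsys_parms
            nlen = struct.unpack_from(">I", cred, 4)[0]
            pos = 8 + nlen + (-nlen % 4)
            out["uid"], out["gid"], ngids = struct.unpack_from(">3I", cred, pos)
            out["machine"] = cred[8:8 + nlen].decode("ascii", "replace")
            out["gids"] = list(struct.unpack_from(f">{ngids}I", cred, pos + 12))
        elif cflavor == 6:                  # rpc_gss_cred_t: version, proc, seq, service
            out["gss_service"] = GSS_SERVICES.get(struct.unpack_from(">I", cred, 12)[0])
    except struct.error:
        raise ValueError("malformed credential body") from None
    return out

def build_call(cflavor, cred):
    """Constructed sample call: dump's header values, AUTH_NULL verifier, no COMPOUND args."""
    msg = struct.pack(">7I", 0x69CD8522, 0, 2, 100003, 4, 1, cflavor) + xdr_opaque(cred) + bytes(8)
    return struct.pack(">I", 0x80000000 | len(msg)) + msg

# Constructed AUTH_UNIX credential matching the dump: stamp, machine name, uid, gid, gids.
SAMPLE_CRED = (struct.pack(">I", 0x61FFD269) + xdr_opaque(b"freebsd-client.local.eyserver.de")
               + struct.pack(">4I", 0, 0, 1, 5))

if __name__ == "__main__":
    print(parse_call(build_call(1, SAMPLE_CRED)))
```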
