Date: Tue, 10 Feb 2015 14:31:58 -0500 (EST)
From: Benjamin Kaduk <kaduk@MIT.EDU>
To: Sascha Frey <sf@techfak.net>
Cc: freebsd-fs@freebsd.org
Subject: Re: Unable to mount kerberized NFS share on Linux from FreeBSD 10.1 box
Message-ID: <alpine.GSO.1.10.1502101430460.3953@multics.mit.edu>
In-Reply-To: <20150210080053.GA20995@TechFak.Uni-Bielefeld.DE>
References: <20150209181747.GB9520@TechFak.Uni-Bielefeld.DE> <2131985962.2999032.1423524243651.JavaMail.root@uoguelph.ca> <20150210080053.GA20995@TechFak.Uni-Bielefeld.DE>

On Tue, 10 Feb 2015, Sascha Frey wrote:

> Rick Macklem wrote:
>
> [...]
> >> I found only one error message in /var/log/messages:
> >> nfsd: can't register svc name
> >>
> >Well, this message indicates it isn't going to work.
> >(This message means the nfsd couldn't register with the gssd daemon,
> > so kerberized NFS won't work.) It is generated when the nfsd is
> >started.
> >
> >The most common cause would be the gssd daemon not running when the
> >nfsd daemon is started. If the gssd was running when the nfsd was started
> >and this message is logged, there is a debug option on gssd that makes
> >it chatty and that might indicate why it is failing.
>
> gssd was running before nfsd was started.
> This message does not appear if nfsd starts without gssd running,
> but it does appear as soon as gssd is started (if nfsd is already running).
>
> I started gssd in foreground mode (via gssd -d -v)
> These messages appear when I start nfsd:
> gssd_import_name: done major=0x0 minor=0
> gssd_acquire_cred: done major=0x70000 minor=0
> gssd_release_name: done major=0x0 minor=0
> gssd_import_name: done major=0x0 minor=0
> gssd_acquire_cred: done major=0x70000 minor=0
> gssd_release_name: done major=0x0 minor=0
> gssd_import_name: done major=0x0 minor=0
> gssd_acquire_cred: done major=0x70000 minor=0
> gssd_release_name: done major=0x0 minor=0

0x70000 is GSS_S_NO_CRED. Maybe you could truss or similar to find out what
name it's trying to acquire credentials for?

-Ben

> No log output when trying to mount NFS share on the Linux machine.
>
>
> I tried to mount it on the server itself. I'm able
> to mount, but I can't access any files...
>
> [root@leonard ~]# mount -o sec=krb5 leonard.fs.cit-ec.net:/export/homes/sfrey /mnt
> [root@leonard ~]# su - sfrey
> [sfrey@leonard ~]$ kinit
> sfrey@TECHFAK.UNI-BIELEFELD.DE's Password:
> [sfrey@leonard ~]$ ls -lad /mnt
> ls: /mnt: Permission denied
> [sfrey@leonard ~]$ klist
> Credentials cache: FILE:/tmp/krb5cc_21036
> Principal: sfrey@TECHFAK.UNI-BIELEFELD.DE
>
> Issued                Expires               Principal
> Feb 10 08:54:31 2015  Feb 10 18:54:39 2015  krbtgt/TECHFAK.UNI-BIELEFELD.DE@TECHFAK.UNI-BIELEFELD.DE
> Feb 10 08:54:36 2015  Feb 10 18:54:39 2015  nfs/leonard.fs.cit-ec.net@TECHFAK.UNI-BIELEFELD.DE
>
>
>
> >Also, there is this wiki. It is somewhat out of date, but I don't think
> >anything has changed w.r.t. the server side. (I'm not sure what the
> >current status is w.r.t. keytab entries encrypted in newer ways than
> >des-cbc-crc is.)
> >https://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
>
> I'll take a look into it. Maybe I missed something.
>
>
>
>
> Cheers,
> Sascha
> _______________________________________________
> freebsd-fs@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-fs
> To unsubscribe, send any mail to "freebsd-fs-unsubscribe@freebsd.org"
>
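
Added example (not part of the original message and not code from FreeBSD's gssd): a Python decoder for the major= values in the gssd -d -v output quoted above, splitting each value into the calling-error, routine-error and supplementary fields defined by RFC 2744 and listing the calls that failed. The log-line format is assumed from the lines in this thread, and the function names are hypothetical.

```python
import re

# Field layout of a GSS-API major status (RFC 2744): calling error in
# bits 24-31, routine error in bits 16-23, supplementary flags in bits 0-15.
CALLING = {1: "GSS_S_CALL_INACCESSIBLE_READ", 2: "GSS_S_CALL_INACCESSIBLE_WRITE",
           3: "GSS_S_CALL_BAD_STRUCTURE"}
ROUTINE = {1: "GSS_S_BAD_MECH", 2: "GSS_S_BAD_NAME", 3: "GSS_S_BAD_NAMETYPE",
           4: "GSS_S_BAD_BINDINGS", 5: "GSS_S_BAD_STATUS", 6: "GSS_S_BAD_SIG",
           7: "GSS_S_NO_CRED", 8: "GSS_S_NO_CONTEXT", 9: "GSS_S_DEFECTIVE_TOKEN",
           10: "GSS_S_DEFECTIVE_CREDENTIAL", 11: "GSS_S_CREDENTIALS_EXPIRED",
           12: "GSS_S_CONTEXT_EXPIRED", 13: "GSS_S_FAILURE", 14: "GSS_S_BAD_QOP",
           15: "GSS_S_UNAUTHORIZED", 16: "GSS_S_UNAVAILABLE",
           17: "GSS_S_DUPLICATE_ELEMENT", 18: "GSS_S_NAME_NOT_MN"}
SUPPLEMENTARY = {0: "GSS_S_CONTINUE_NEEDED", 1: "GSS_S_DUPLICATE_TOKEN",
                 2: "GSS_S_OLD_TOKEN", 3: "GSS_S_UNSEQ_TOKEN", 4: "GSS_S_GAP_TOKEN"}

# Line format assumed from the gssd debug output quoted in this thread.
LINE = re.compile(r"(gssd_\w+): done major=(0x[0-9a-fA-F]+) minor=(-?\d+)")

def decode_major(major):
    """Return the symbolic names carried in one major status value."""
    names = []
    calling, routine = (major >> 24) & 0xFF, (major >> 16) & 0xFF
    if calling:
        names.append(CALLING.get(calling, "unknown calling error %d" % calling))
    if routine:
        names.append(ROUTINE.get(routine, "unknown routine error %d" % routine))
    names += [n for bit, n in SUPPLEMENTARY.items() if major & (1 << bit)]
    return names or ["GSS_S_COMPLETE"]

def failed_calls(log_text):
    """List (call, names, minor) for every line whose major status is an error."""
    out = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and int(m.group(2), 16) >> 16:  # same test as the GSS_ERROR() macro
            out.append((m.group(1), decode_major(int(m.group(2), 16)), int(m.group(3))))
    return out

# Sample input: the first three lines of the output quoted in the message.
SAMPLE = """gssd_import_name: done major=0x0 minor=0
gssd_acquire_cred: done major=0x70000 minor=0
gssd_release_name: done major=0x0 minor=0"""

if __name__ == "__main__":
    for call, names, minor in failed_calls(SAMPLE):
        print("%s failed: %s (minor=%d)" % (call, " | ".join(names), minor))
```

A minor status of 0 alongside GSS_S_NO_CRED carries no mechanism-specific detail, so the decoded output identifies the failing call but not the name involved.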