nfsv4 and kerberos - fails to mount

I have been trying all sorts of things to get this working.
nfsv4 works fine if I just use the nfs-v3 form of export
i.e.
/nfs4exports 192.168.230.237/24(ro,fsid=0,sync,insecure,no_root_squash,no_subtree_check,squash_uids=0-99)
/nfs4exports/NDG 192.168.230.237/24(rw,insecure,no_subtree_check,nohide,sync,no_root_squash,squash_uids=0-99)
but this is inherently open to all on this machine.

so then using this recipe
http://www.techrepublic.com/blog/opensource/kerberos-authentication-with-nfsv4/1965
and many others that hours of Google-fu show

change exports to
/nfs4exports gss/krb5(ro,fsid=0,sync,insecure,no_root_squash,no_subtree_check,squash_uids=0-99)
/nfs4exports/NDG gss/krb5(rw,insecure,no_subtree_check,nohide,sync,no_root_squash,squash_uids=0-99)

now from the client I can see
[rkampen@timsws ~]$ showmount -e example.com
Export list for example.com:
/nfs4exports     gss/krb5
/nfs4exports/NDG gss/krb5

but
[rkampen@timsws /]$ sudo mount -t nfs4 -o sec=krb5 ndgonline.net:/ /NDG/
mount.nfs4: access denied by server while mounting ndgonline.net:/

and
[rkampen@timsws /]$ sudo mount -t nfs4 -o sec=krb5 ndgonline.net:/NDG /NDG/
mount.nfs4: access denied by server while mounting ndgonline.net:/NDG

And I cannot find any log entries relating to the Kerberos KDC or on the NFS server - two different machines.
I have set up all the principals in the KDC and used kadmin/ktadd to load them into the client and the server /etc/krb5.keytab as per the above URL.
How and where do I get logging to occur so I can find out the missing piece in my Kerberos setup?
Any help or directions appreciated.
TIA



Rob Kampen

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
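
An offline pre-flight for the kind of setup described in the post above, added here as an example and not part of the original message: it checks that a path is exported with a krb5 flavour and that a klist -k listing holds an nfs/<host> key for the host name given to mount. The function names, the sample exports and keytab listing, and the conventional nfs/<fqdn>@REALM principal form are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): offline pre-flight checks for a
# Kerberos-protected NFSv4 export. Function names and sample data are constructed.

# Print the path of every export that is offered with a krb5 flavour, either
# as a gss/krb5 pseudo-client or through a sec= option.
krb5_exports() {            # $1 = exports-format file
    awk 'NF == 0 || $1 ~ /^#/ { next }
         { for (i = 2; i <= NF; i++)
               if ($i ~ /^gss\/krb5[ip]?\(/ || $i ~ /[(,]sec=[^,)]*krb5/) { print $1; break } }' "$1"
}

# Succeed when a `klist -k` listing contains nfs/<host>@<any realm>.
# Assumption: the server key uses the conventional nfs/<fqdn> service name.
has_nfs_principal() {       # $1 = listing file, $2 = host name given to mount
    awk -v want="nfs/$2@" 'index($2, want) == 1 { ok = 1 } END { exit !ok }' "$1"
}

# Report whether <host>:<path> can even be a candidate for a sec=krb5 mount.
preflight() {               # $1 = exports file, $2 = listing file, $3 = host, $4 = path
    krb5_exports "$1" | grep -qxF -- "$4" || { echo "no-krb5-export"; return 1; }
    has_nfs_principal "$2" "$3"           || { echo "no-nfs-principal"; return 1; }
    echo "ok"
}

# Constructed sample input: two krb5 exports, one address-based export, and a
# keytab listing for a server named server.example.com.
demo_dir=$(mktemp -d)
cat > "$demo_dir/exports" <<'EOF'
# constructed sample
/nfs4exports      gss/krb5(ro,fsid=0,sync,no_subtree_check)
/nfs4exports/NDG  gss/krb5(rw,nohide,sync,no_subtree_check)
/srv/open         192.0.2.0/24(ro,sync,no_subtree_check)
EOF
cat > "$demo_dir/klist.txt" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------
   3 nfs/server.example.com@EXAMPLE.COM
   3 host/server.example.com@EXAMPLE.COM
EOF

preflight "$demo_dir/exports" "$demo_dir/klist.txt" server.example.com /nfs4exports
preflight "$demo_dir/exports" "$demo_dir/klist.txt" nfs.example.com /nfs4exports || true
preflight "$demo_dir/exports" "$demo_dir/klist.txt" server.example.com /srv/open || true
```

On a live server the two input files would be /etc/exports and the saved output of klist -k /etc/krb5.keytab.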
