On Thu, Sep 04, 2008 at 07:58:56PM +0200, François Valenduc wrote: > J. Bruce Fields a écrit : >> On Thu, Sep 04, 2008 at 07:41:17PM +0200, François Valenduc wrote: >> >>> J. Bruce Fields a écrit : >>> >>>> On Thu, Sep 04, 2008 at 07:31:11PM +0200, François Valenduc wrote: >>>> >>>>> I had indeed forgot to add sec=krb5 to the export options. But >>>>> even if I add it, it doesn't change anything. >>>>> >>>> OK, and you re-exported? (Just to double-check--what does exportfs -v >>>> say?) >>>> >>>> >>>>> Is it really possible to use krb5 authentification with nfs ? I have >>>>> read a lot of howto and follow the instructions and it never >>>>> succeeds... >>>>> >>>> I'm sorry you've had trouble with it, but yes, it definitely works--I >>>> use it every day. >>>> >>>> --b. >>>> >>>> >>> So, here is the output of exportfs -v relating to my home folder: >>> /home/francois >>> ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=krb5,rw,root_squash,no_all_squash) >>> >>> >> >> Actually, I forgot, if you're using v3, you probably need to allow >> auth_sys mounts as well: >> >> sec=sys:krb5 >> >> (Fixed in the latest kernel git, but that's not released yet.) >> >> --b. >> >> > I have changed it and it's still the same. The main problem seems to be > the uid and gid mapping. I still get this line: > > clnt: nfs@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx, uid: -1, gid: > -1, num aux grps: > 0 Nah, that's normal--I get the same thing, and everything still works. Unless maybe the directory you're exporting really requires a particular uid? What are the permissions on the directory you're exporting? --b. > > But, exportfs -v now gives the following: > /home/francois > ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=sys:krb5,rw,root_squash,no_all_squash) > > The line in fstab on the client is the following: > pc-francois:/home/francois /mnt/pc-francois nfs > rw,noatime,rsize=1024,wsize=1024,soft,sec=krb5,noauto,users 0 0 > > What else should I do ? I can get a krb5 ticket but this is not enough > to mount the filesystem. > > François -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
