J. Bruce Fields a écrit :
On Thu, Sep 04, 2008 at 07:58:56PM +0200, François Valenduc wrote:
J. Bruce Fields a écrit :
On Thu, Sep 04, 2008 at 07:41:17PM +0200, François Valenduc wrote:
J. Bruce Fields a écrit :
On Thu, Sep 04, 2008 at 07:31:11PM +0200, François Valenduc wrote:
I had indeed forgot to add sec=krb5 to the export options. But
even if I add it, it doesn't change anything.
OK, and you re-exported? (Just to double-check--what does exportfs -v
say?)
Is it really possible to use krb5 authentification with nfs ? I have
read a lot of howto and follow the instructions and it never
succeeds...
I'm sorry you've had trouble with it, but yes, it definitely works--I
use it every day.
--b.
So, here is the output of exportfs -v relating to my home folder:
/home/francois
ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=krb5,rw,root_squash,no_all_squash)
Actually, I forgot, if you're using v3, you probably need to allow
auth_sys mounts as well:
sec=sys:krb5
(Fixed in the latest kernel git, but that's not released yet.)
--b.
I have changed it and it's still the same. The main problem seems to be
the uid and gid mapping. I still get this line:
clnt: nfs@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx, uid: -1, gid:
-1, num aux grps:
0
Nah, that's normal--I get the same thing, and everything still works.
Unless maybe the directory you're exporting really requires a particular
uid? What are the permissions on the directory you're exporting?
--b.
But, exportfs -v now gives the following:
/home/francois
ordi-francois(rw,wdelay,root_squash,no_subtree_check,sec=sys:krb5,rw,root_squash,no_all_squash)
The line in fstab on the client is the following:
pc-francois:/home/francois /mnt/pc-francois nfs
rw,noatime,rsize=1024,wsize=1024,soft,sec=krb5,noauto,users 0 0
What else should I do ? I can get a krb5 ticket but this is not enough
to mount the filesystem.
François
It's my home directory, so it has normal permission for such a directory:
drwxrwsr-x 77 francois francois 4,0K sep 4 20:43 francois/
I don't think there is someting strange with this. I start running out
of ideas to get it working. I have reenabled nfs4 (which I also tried)
and it give the same problem. In order to do that, I off course changed
the exports file like this;
/export/francois
ordi-francois(nohide,rw,root_squash,no_subtree_check,sec=sys:krb5)
And it is not yet working...
François
François
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
