Hello.
I have been trying to set up kerberized nfsv3 server and clients over IPv6
network, but run into a few problems.
When I try to mount NFS share, an error "permission denied." occured and
failed to mount.
My server is FreeBSD8. My client is Fedora 13.
Without Kerberos, I can mount NFS share.
Output of mount command is follow
=============================================================================================
# mount -t nfs nfsserv.localdomain:/export/work /mnt/nfs/ -o
sec=krb5,vers=3 -v
mount.nfs: timeout set for Tue Jun 15 10:54:11 2010
mount.nfs: trying text-based options
'sec=krb5,vers=3,addr=2002:192:168:1:217:a4ff:fe20:e5f0'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 2001:XXXX::a4ff:fe20:e5f0 prog 100003 vers 3 prot TCP
port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 2001:XXXX::a4ff:fe20:e5f0 prog 100005 vers 3 prot UDP
port 818
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting
nfsserv.localdomain:/export/work
==============================================================================================
"nfsserv is hostname of NFS server and 2001:XXXX::a4ff:fe20:e5f0 is
its IPv6 address.
I run rpc.gssd with -vvvvv options, and I got following warnings.
==============================================================================================
creating context with server nfs@xxxxxxxxxxxxxxxxxxx
WARNING: Failed to create krb5 context for user with uid 0 for server
nfsserv.localdomain
WARNING: Failed to create machine krb5 context with credentials cache
FILE:/tmp/krb5cc_machine_NWBOOT for server nfsserv.localdomain
WARNING: Failed to create machine krb5 context with any credentials
cache for server nfsserv.localdomain
doing error downcall
==============================================================================================
It seems that rpc.gssd could not create credentials for nfsserver.
However, I run kinit correctly on client.
My kinit and klist results are follow.
==============================================================================================
[root@fedoravm]# kinit root
Password for root@NWBOOT:
[root@fedoravm]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@NWBOOT
Valid starting Expires Service principal
06/15/10 16:53:22 06/16/10 16:53:15 krbtgt/NWBOOT@NWBOOT
renew until 06/22/10 16:53:15
==============================================================================================
I read following page and added root keytab to client, but nothing changed.
http://www.mail-archive.com/linux-nfs@xxxxxxxxxxxxxxx/msg01360.html
My Client Keytab:
==============================================================================================
[root@fedoravm]# ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: list -e
slot KVNO Principal
---- ----
---------------------------------------------------------------------
1 1 nfs/fedoravm.localdomain@NWBOOT (DES cbc mode with
CRC-32)
2 1 root/fedoravm.localdomain@NWBOOT (DES cbc mode with
CRC-32)
3 1 host/fedoravm.localdomain@NWBOOT (DES cbc mode with
CRC-32)
==============================================================================================
My Server Keytab:
==============================================================================================
nfsserv# ktutil list
FILE:/etc/krb5.keytab:
Vno Type Principal
1 des-cbc-crc nfs/nfsserv.localdomain@NWBOOT
1 des-cbc-crc root/nfsserv.localdomain@NWBOOT
1 des-cbc-crc host/nfsserv.localdomain@NWBOOT
==============================================================================================
I have surveyed web pages to find nothing about Kerberized NFS over IPv6.
I'm not sure it works or not.
Does rpc.gssd works on IPv6 enviromnent?
Can anybody give me any hints or suggestions?
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
