On Thu, Sep 22, 2011 at 11:34:23PM +0700, Nattapon Viroonsri wrote:
> Hi,
>
> I am trying to use nfs4 authentication with Active Directory 2008
>
> kinit succeeds in authenticating, but mount still fails with permission denied
> Any suggestion would be appreciated
>
> nfs server: suse1.reuint.com ( SLES11 SP1)
> nfs client: krbclient.reuint.com ( SLES11 SP1)

Have you reported this to SUSE?

--b.

> Windows2008 SP2 standard edition: ad2008.reuint.com ( windows2008R2
> standard edition)
>
> package: samba-winbind-3.4.3-1.17.2,
> nfs-kernel-server-1.2.1-2.18.1,nfs-client-1.2.1-2.18.1
> krb5-1.6.3-133.46.1
>
>
> # ------ Both NFS Server and NFS Client can join domain ---------------
> rcwinbind stop
> rcnfsserver stop
> net -Ureutadmin%'mypasswd' ads leave
> net -Ureutadmin%'mypasswd' ads keytab flush
> kdestroy
> \rm /etc/krb5.keytab
> \rm /tmp/kr*
>
> net -Ureutadmin%'mypasswd' ads join createupn='nfs/suse1.reuint.com@xxxxxxxxxx'
> net -Ureutadmin%'mypasswd' ads keytab add nfs
>
> rcwinbind start
>
>
> suse1:~/keytab # wbinfo -u
> REUINT\administrator
> REUINT\guest
> REUINT\krbtgt
> REUINT\reutadmin
>
>
>
> suse1:~/keytab # ssh REUINT\\reutadmin@localhost
> Password:
> Last login: Tue Sep 20 10:13:54 2011 from localhost
> Could not chdir to home directory /home/REUINT/reutadmin: No such file
> or directory
> REUINT\reutadmin@suse1:/>exit
>
>
>
> #------- ON NFS Server -----------------------------------------
>
> suse1:~/keytab # klist -ke
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
>
> 2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with CRC-32)
> 2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with RSA-MD5)
> 2 nfs/suse1.reuint.com@xxxxxxxxxx (ArcFour with HMAC/md5)
> 2 nfs/suse1@xxxxxxxxxx (DES cbc mode with CRC-32)
> 2 nfs/suse1@xxxxxxxxxx (DES cbc mode with RSA-MD5)
> 2 nfs/suse1@xxxxxxxxxx (ArcFour with HMAC/md5)
>
> suse1:~/keytab # kinit -V -k nfs/suse1.reuint.com@xxxxxxxxxx
> Authenticated to Kerberos v5
>
>
> #------- ON NFS Client -----------------------------------------------
>
> krbclient:~ # klist -ke
>
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> 2 nfs/krbclient.reuint.com@xxxxxxxxxx (DES cbc mode with CRC-32)
> 2 nfs/krbclient.reuint.com@xxxxxxxxxx (DES cbc mode with RSA-MD5)
> 2 nfs/krbclient.reuint.com@xxxxxxxxxx (ArcFour with HMAC/md5)
> 2 nfs/krbclient@xxxxxxxxxx (DES cbc mode with CRC-32)
> 2 nfs/krbclient@xxxxxxxxxx (DES cbc mode with RSA-MD5)
> 2 nfs/krbclient@xxxxxxxxxx (ArcFour with HMAC/md5)
>
> krbclient:~ # kinit -V -k nfs/krbclient.reuint.com
> Authenticated to Kerberos v5
>
>
> krbclient:~ # showmount -e suse1.reuint.com
> Export list for suse1.reuint.com:
> /media/nfs4server gss/krb5i,gss/krb5
>
> krbclient:~ # mount -vvv -tnfs4 -o sec=krb5 suse1.reuint.com:/ /media/nfs/
> mount: fstab path: "/etc/fstab"
> mount: mtab path: "/etc/mtab"
> mount: lock path: "/etc/mtab~"
> mount: temp path: "/etc/mtab.tmp"
> mount: UID: 0
> mount: eUID: 0
> mount: spec: "suse1.reuint.com:/"
> mount: node: "/media/nfs/"
> mount: types: "nfs4"
> mount: opts: "sec=krb5"
> mount: external mount: argv[0] = "/sbin/mount.nfs4"
> mount: external mount: argv[1] = "suse1.reuint.com:/"
> mount: external mount: argv[2] = "/media/nfs/"
> mount: external mount: argv[3] = "-v"
> mount: external mount: argv[4] = "-o"
> mount: external mount: argv[5] = "rw,sec=krb5"
> mount.nfs4: timeout set for Tue Sep 20 11:05:15 2011
> mount.nfs4: trying text-based options
> 'sec=krb5,addr=192.168.125.130,clientaddr=192.168.125.132'
> mount.nfs4: mount(2): Permission denied
> mount.nfs4: access denied by server while mounting suse1.reuint.com:/
>
> ----------------------------------------------
>
> Rgds,
> Nattapon
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html