|

»

Kerberos - General

Configuring client for NFS

View: New views

6 Messages — Rating Filter: Alert me

	Configuring client for NFS by Abhishek Chowdhury :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I want to set up NFS for kerberos authentication. I have created all the required principals and keytabs correctly and made an entry in etc/exports as /mount 17.224.21.59 -sec=krb5 -ro Now on client side after successful kinit i get the initial krbtgt ticket . after that when i am trying to run the command mount 17.201.112.127:/mount /home/mount I am getting permission denied and not getting the ticket for nfs . Is there any step to enable nfs for kerberos at client side. Any pointer will be very helpful.
	Re: Configuring client for NFS by Martin Simovic-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message looks like you are forgetting -t nfs4 ? mount -t nfs4 -o sec=krb 17.201.112.127:/mount /home/mount also, how does your /etc/exports look like? the way NFS4 exports work have been changed dramatically (regardless of kerberos in place or not) mine /etc/exports looks like this # NFS4 exports /export gss/krb5(ro,fsid=0,no_subtree_check,crossmnt) /export/home gss/krb5(rw,no_subtree_check) furthermore mounts need to be something like this /dev/mapper/data-home /home ext3 defaults,noexec,nosuid,nodev,usrquota,grpquota 0 3 /home /export/home none bind 0 0 Martin. On Thu, 2008-08-21 at 16:38 +0530, abhishek chowdhury wrote: > Now i am getting the ticket for nfs service also after re creating the > pricncipals and keytab but still i am getting authentication error > after the command > mount -o sec=krb5 17.201.112.127:/mount /home/mount > > and according to the link > (https://help.ubuntu.com/community/NFSv4Howto) i need to have only one > entry for des but that is required only if client in non MAC ,in my > case client is MAC , so i don\'t think there is any problem with > entries for des. > > > > On 8/21/08, Martin Simovic <msimovic@...> wrote: > On Wed, 2008-08-20 at 23:00 -0700, Abhishek Chowdhury wrote: > > > I want to set up NFS for kerberos authentication. > > > I have created all the required principals and keytabs correctly and made an > > > entry in etc/exports as > > > /mount 17.224.21.59 -sec=krb5 -ro > > > > > > Now on client side after successful kinit i get the initial krbtgt ticket . > > > after that when i am trying to run the command > > > mount 17.201.112.127:/mount /home/mount > > > I am getting permission denied and not getting the ticket for nfs . > > > Is there any step to enable nfs for kerberos at client side. > > > Any pointer will be very helpful. :working: > > > > > > > Might help if I point you to this docs > > https://help.ubuntu.com/community/NFSv4Howto > > > > will work for most recent distributions that do support NFS4 > > the problem where i was getting stuck was the fact that the > > nfs/host.domain.com@... principal has to be extracted to the > > keytab with the des encryption only (by default there is des and 3des - > > won\'t work) > > > > M. > > > > > > -- > Regards > > Abhishek Chowdhury ________________________________________________ Kerberos mailing list Kerberos@... https://mailman.mit.edu/mailman/listinfo/kerberos
	Re: Configuring client for NFS by Abhishek Chowdhury :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message when i am trying mount -t nfs4 -o sec=krb5 17.201.112.127:/mount /home/mount i am getting /home/mount no such directory earlier the error was authentication error when i am not writin -t nfs4 my exports look like /home/mount/ 17.224.114.139 -sec=krb5 -ro nothing extra then this. what changes i need to do in the exports
	Re: Configuring client for NFS by Martin Simovic-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message you need to export NFS4 with fsid=0 option (this becomes your NFS"root") and export everything else underneeth that directory. just read the quide I sent you carefully, everything is there. don't forget about the options for NFS daemon NEED_IDMAPD,etc... M. On Thu, 2008-08-21 at 05:23 -0700, Abhishek Chowdhury wrote: > > > > when i am trying mount -t nfs4 -o sec=krb5 17.201.112.127:/mount > > /home/mount > > i am getting /home/mount no such directory > > earlier the error was authentication error when i am not writin -t nfs4 > > > > my exports look like > > /home/mount/ 17.224.114.139 -sec=krb5 -ro > > > > nothing extra then this. > > what changes i need to do in the exports > > > ________________________________________________ Kerberos mailing list Kerberos@... https://mailman.mit.edu/mailman/listinfo/kerberos
	Re: Configuring client for NFS by Abhishek Chowdhury :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message According to the guide https://help.ubuntu.com/community/NFSv4Howto#Create%20and%20distribute%20credentials I have to create /etc/default/nfs-kernel-server and /etc/default/nfs-common on the server and /etc/default/nfs-common in the client. But these files are not available on my mac. Are the configurations given in the link above are for mac. I followed this link http://docs.info.apple.com/article.html?artnum=306694 for the configuration of kerberized nfs
	Re: Configuring client for NFS by Martin Simovic-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message On Thu, 2008-08-21 at 06:29 -0700, Abhishek Chowdhury wrote: > > > > > According to the guide > > https://help.ubuntu.com/community/NFSv4Howto#Create%20and%20distribute%20credentials > > I have to create /etc/default/nfs-kernel-server > > and /etc/default/nfs-common on the server and /etc/default/nfs-common in > > the client. > > But these files are not available on my mac. > > Are the configurations given in the link above are for mac. > > > > I followed this link http://docs.info.apple.com/article.html?artnum=306694 > > for the configuration of kerberized nfs > > ah,.... thought you are connecting mac client to a linux NFS server..... no idea how to set up NFS server on MAC :( > > ________________________________________________ Kerberos mailing list Kerberos@... https://mailman.mit.edu/mailman/listinfo/kerberos