My Favourites
opensubscriber
   Find in this group all groups
Home     Log In     Sign Up     FAQ    
 
Unknown more information…
f : freebsd-stable@freebsd.org 25 June 2012 • 7:21PM -0400

Need help with nfsv4 and krb5 access denied
by Herbert Poeckl

REPLY TO AUTHOR
 
REPLY TO GROUP



Hi everybody.

We are new to this list and need technical help.

We are getting access denied error on our debian clients when mounting
nfsv4 network drives with kerberos 5 authentication.

What is wired about this, is that it works with one server, but not with
a second server. The configuration on these both machines are identical,
witch we have tested by booting from the same USB drive.

The one where it works on is a Intel based standard workstation (HP
DC7800). The machine where it does not work is a AMD Opteron based
server (Sun X4540). Any other kerberos authentication (like smb and
netatalk) works fine.

We basically followed these instructions:
http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup

Our system configuration looks as follows:
-- 8< ----------------------------------------- >8 --
root@tmp2:/root # uname -a
FreeBSD tmp2.ist.intra 9.0-STABLE FreeBSD 9.0-STABLE #4: Thu Jun 14
08:58:14 UTC 2012     root@srv.....intra:/usr/obj/system/usr/src/sys/SRV
amd64


root@tmp2:/root #  diff /usr/src/sys/amd64/conf/GENERIC
/usr/src/sys/amd64/conf/SRV
348a349,354
>
>
> options               KGSSAPI
> device                crypto
>
> options               NETATALK


root@tmp2:/root # cat /etc/krb5.conf
[libdefaults]
        default_realm = IST.INTRA
        forwardable = true
        proxiable = true


root@tmp2:/root # ktutil list
FILE:/etc/krb5.keytab:

Vno  Type                     Principal
  1  aes256-cts-hmac-sha1-96  nfs/tmp2.ist.intra@IST.INTRA
  1  des3-cbc-sha1            nfs/tmp2.ist.intra@IST.INTRA
  1  arcfour-hmac-md5         nfs/tmp2.ist.intra@IST.INTRA

ktutil: krb5_kt_start_seq_get krb4:/etc/srvtab: open(/etc/srvtab): No
such file or directory


root@tmp2:/root # cat /etc/exports

V4: /tmp -sec=krb5p -network 192.168.1.0 -mask 255.255.255.0
/tmp/blah -sec=krb5p -network 192.168.1.0 -mask 255.255.255.0
root@tmp2:/root #



root@tmp2:/root # less /var/run/dmesg.boot
FreeBSD 9.0-STABLE #4: Thu Jun 14 08:58:14 UTC 2012
    root@srv.....intra:/usr/obj/system/usr/src/sys/SRV amd64
CPU: Six-Core AMD Opteron(tm) Processor 2435 (2600.16-MHz K8-class CPU)
  Origin = "AuthenticAMD"  Id = 0x100f80  Family = 10  Model = 8
Stepping = 0

Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x802009<SSE3,MON,CX16,POPCNT>
  AMD
Features=0xee500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM,3DNow!+,3DNow!>
  AMD
Features2=0x37ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT>
  TSC: P-state invariant
-- 8< ----------------------------------------- >8 --

Any help is greatly appreciated.

Kind regards,
Herbert Poeckl

_______________________________________________
freebsd-stable@free... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@free..."
Bookmark with:

Delicious   Digg   reddit   Facebook   StumbleUpon

Related Messages

opensubscriber is not affiliated with the authors of this message nor responsible for its content.
© opensubscriber 2010
All rights reserved.

Alternate link - Alternate link