Configuring client for NFS

Martin Simovic msimovic at concurrent-thinking.com
Thu Aug 21 07:27:18 EDT 2008 

looks like you are forgetting -t nfs4 ?

mount -t nfs4 -o sec=krb 17.201.112.127:/mount /home/mount

also, how does your /etc/exports look like?
the way NFS4 exports work have been changed dramatically (regardless of
kerberos in place or not)

mine /etc/exports looks like this

# NFS4 exports
/export         gss/krb5(ro,fsid=0,no_subtree_check,crossmnt)
/export/home    gss/krb5(rw,no_subtree_check)

furthermore mounts need to be something like this

/dev/mapper/data-home		/home		ext3
defaults,noexec,nosuid,nodev,usrquota,grpquota    0       3

/home		/export/home	none		bind	0	0


Martin.

On Thu, 2008-08-21 at 16:38 +0530, abhishek chowdhury wrote:
> Now i am getting the ticket for nfs service also after re creating the
> pricncipals and keytab but still i am getting authentication error
> after the command
> mount -o sec=krb5 17.201.112.127:/mount /home/mount
> 
> and according to the link
> (https://help.ubuntu.com/community/NFSv4Howto) i need to have only one
> entry for des but that is required only if client in non MAC ,in my
> case client is MAC , so i don\'t think there is any problem with
> entries for des.
> 
> 
> 
> On 8/21/08, Martin Simovic <msimovic at concurrent-thinking.com> wrote:
> On Wed, 2008-08-20 at 23:00 -0700, Abhishek Chowdhury wrote:
> > > I want to set up NFS for kerberos authentication.
> > > I have created all the required principals and keytabs correctly and made an
> > > entry in etc/exports as
> > > /mount 17.224.21.59 -sec=krb5 -ro
> > >
> > > Now on client side after successful kinit  i get the initial krbtgt ticket .
> > > after that when i am trying to run the command
> > > mount 17.201.112.127:/mount /home/mount
> > > I am getting permission denied and not getting the ticket for nfs .
> > > Is there any step to enable nfs for kerberos at client side.
> > > Any pointer will be very helpful.  :working:
> > >
> >
> > Might help if I point you to this docs
> > https://help.ubuntu.com/community/NFSv4Howto
> >
> > will work for most recent distributions that do support NFS4
> > the problem where i was getting stuck was the fact that the
> > nfs/host.domain.com at REALM.TLD principal has to be extracted to the
> > keytab with the des encryption only (by default there is des and 3des -
> > won\'t work)
> >
> > M.
> >
> >
> 
> --
> Regards
> 
> Abhishek Chowdhury

More information about the Kerberos mailing list