Re: Kerberized NFSv3 Client for Linux

[Suresh Jayaram <sureshjayaram@gmail.com>]

Kevin,

Thanks for your inputs.

On Mon, 14 Feb 2005 10:09:45 -0500, Kevin Coffman <kwc@citi.umich.edu> wrote:
> I don't think you mentioned Suse in your message to the Kerberos list.
> Does this mean you have Heimdal (as opposed to MIT) Kerberos libraries
> on your client?  (We have problems with the released Heimdal code.)
Yeah I didn't mention that my NFS client is SLES, but I have installed
MIT kerberos on SLES and Iam using that only.

> I assume you are running rpc.gssd on the client.  Can you run that with
> "-vvv" and send the output when you attempt to do the mount?
When I started rpc.gssd on client (-vvv option) I got the following
info on /var/log/messages

Feb 15 10:07:01 nfsclient rpc.gssd[13870]: Using keytab file '/etc/krb5.keytab'
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: Processing keytab entry for
principal 'nfs/nfsserver.domain@REALM'
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: We will use this entry
(nfs/nfs-server.domain@REALM)
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: Using (machine) credentials
cache: 'FILE:/tmp/krb5cc_machine_REALM'
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: processing client list

But when I try to mount, Iam not getting any log messages. I
understand that I have to extract nfs service principal on client also
(though not sure why..)
Also rpcsec_gss_krb5 support is compiled in to my kernel (not as a
module) CONFIG_RPCSEC_GSS_KRB5=y). Is this OK ? or need to be compiled
only as a module. My System.map also have rpcsec_gss symbols..

>From the snoop traces Iam able to see MOUNT reply itself is failing
(Status = ERR_ACCESS). It is not returning the AUTH flavors supported.

Thanks,
Suresh
 
> > Iam trying to setup kerberized NFS(v3) client for Linux.
> >
> > My setup details
> > NFS client: Suse Linux Enterprise Server (SLES 9) which has
> > kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
> > CONFIG_RPCSEC_GSS_KRB5=y )
> >
> > nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
> > util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
> >
> > KDC Server: RedHat Linux
> > NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
> > Tested and working fine)
> >
> > To setup kerberized Linux Client, I presume a kernel with rpcsecgss
> > support, patched nfs-utils pkg and patched util-linux pkg is
> > sufficient. (Let me know any other pkg/configuration is required)
> >
> > My NFS Server export entry is:
> > share -F nfs -o sec=krb5 /export/home
> >
> > Server has nfs principal registered to KDC and the user principal of
> > client also registered to the Server.
> > After doing a kinit if I try to mount the exported path, Iam getting
> >
> > "mount: nfsserver:/export/home failed, reason given by server:
> > Permission denied"
> > Then I specified the client name in the exports file make gave
> > readonly perms. Then also I got the same error.
> >
> > Am I missing something ? Any pointers ..
> >
> > thanks,
> > Suresh
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > NFS maillist  -  NFS@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nfs
> 
> 


-- 
"Good Luck is when preparation meets opportunity"


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs