From: "François Valenduc" <francois.valenduc@skynet.be>
To: linux-nfs@vger.kernel.org
Subject: nfs and kerberos authentification problem.
Date: Wed, 03 Sep 2008 20:19:37 +0200
Message-ID: <48BED539.1000404@skynet.be>

[-- Attachment #1: Type: text/plain, Size: 1297 bytes --]

Hello everybody,

I am trying to set up kerberos authentication with nfs but it doesn't 
succeed. I have created two principals for the client and the server. I 
have added the client's principal to the keytab file by setting 
des-encryption (with ktadd -e des-cbc-crc:normal 
nfs/ordi-francois.homenetwork.net). I have changed the /etc/krb5.conf file on 
the client to use des encryption. So, it's set like this:

[libdefaults]
   default_realm = HOMENETWORK.NET
   default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
   default_tgs_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
   permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des3-hmac-sha1
   forwardable = true

[realms]
   HOMENETWORK.NET = {
      admin_server = pc-francois.homenetwork.net:749
      kdc = pc-francois.homenetwork.net:88
      }

[domain_realm]
   .homenetwork.net = HOMENETWORK.NET
   homenetwork.net = HOMENETWORK.NET

But, it doesn't succeed. I can see in the log of the server 
(pc-francois) that the client (ordi-francois) gets a kerberos ticket 
but each time I mount an nfs share, it fails with this error:
mount.nfs: permission denied.

Does anybody know what's happening?
I have put the log of the server in the attached file.

Thanks in advance for your help,

François Valenduc




[-- Attachment #2: nfs-kerberos --]
[-- Type: text/plain, Size: 3982 bytes --]

Sep  3 19:36:22 pc-francois mountd[7747]: authenticated mount request from ordi-francois:865 for /home/francois (/home/francois)
Sep  3 19:36:22 pc-francois krb5kdc[9787]: AS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=1 tkt=18 ses=18}, nfs/ordi-francois.homenetwork.net@HOMENETWORK.NET for krbtgt/HOMENETWORK.NET@HOMENETWORK.NET
Sep  3 19:36:22 pc-francois krb5kdc[9787]: AS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=1 tkt=18 ses=18}, nfs/ordi-francois.homenetwork.net@HOMENETWORK.NET for krbtgt/HOMENETWORK.NET@HOMENETWORK.NET
Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=18 tkt=1 ses=1}, nfs/ordi-francois.homenetwork.net@HOMENETWORK.NET for nfs/pc-francois.homenetwork.net@HOMENETWORK.NET
Sep  3 19:36:22 pc-francois krb5kdc[9787]: TGS_REQ (2 etypes {18 1}) 192.168.1.3: ISSUE: authtime 1220463382, etypes {rep=18 tkt=1 ses=1}, nfs/ordi-francois.homenetwork.net@HOMENETWORK.NET for nfs/pc-francois.homenetwork.net@HOMENETWORK.NET
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: leaving poll
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: handling null request
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: readline: read 1106 chars into buffer of size 2048: \x \x6082022206092a864886f71201020201006e8202113082020da003020105a10302010ea20703050020000000a3820125618201213082011da003020105a11b825f74da9da214cf8780d29b9e4d2020640fbd2c598eb5e23ec084f9a8...

Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: in_handle:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: length 0
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: in_tok:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: length 550
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0000: 6082 0222 0609 2a86 4886 f712 0102 0201  `.."..*.H.......
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0010: 006e 8202 1130 8202 0da0 0302 0105 a103  .n...0..........
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0020: 0201 0ea2 0703 0500 2000 0000 a382 0125  ........ ......%
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0030: 6182 0121 3082 011d a003 0201 05a1 111b  a..!0...........
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0040: 0f48 4f4d 454e 4554 574f 524b 2e4e 4554  .HOMENETWORK.NET
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0050: a22d 302b a003 0201 03a1 2430 221b 036e  .-0+......$0"..n
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0060: 6673 1b1b 7063 2d66 7261 6e63 6f69 732e  fs..pc-francois.
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]:   0070: 686f 6d65 6e65 7477 6f72 6b2e 6e65 74a3  homenetwork.net.

...

Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sname = nfs/ordi-francois.homenetwork.net@HOMENETWORK.NET
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: DEBUG: serialize_krb5_ctx: lucid version!
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: doing downcall
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: \x01000000 2147483647 -1 -1 0 krb5 \x0000000000000000b46525b6ff7f00000000000000000000000000000000000016acbf48c5090c26090000002a864886f7120102020400000008000000a2df25511fa8fb680400000008000000522fd5a1ef580b98
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: sending null reply
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: writing message: \x \x6082022206092a864886f71201020201006e8202113082020da003020105a10302010ea20703050020000000a3820125618201213082011da003020105a11
...

Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: finished handling null request
Sep  3 19:36:22 pc-francois rpc.svcgssd[7008]: entering poll
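
Added example, not part of the original message or its attachment: a small parser for krb5kdc ISSUE lines in the format of the log above, decoding the rep/tkt/ses enctype numbers (reply key, ticket key, session key) and listing every key that was issued as single DES. The sample lines, host names and realm are constructed; the function names are hypothetical.

```python
import re

# Kerberos encryption type numbers (IANA registry) as printed by krb5kdc.
ETYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
          16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
          18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
SINGLE_DES = {1, 2, 3}  # 56-bit keys, deprecated by RFC 6649

LINE_RE = re.compile(
    r"krb5kdc\[\d+\]: (?P<req>AS_REQ|TGS_REQ) "
    r"\(\d+ etypes \{(?P<offered>[\d ]+)\}\) "
    r"(?P<addr>\S+): ISSUE: authtime \d+, "
    r"etypes \{rep=(?P<rep>\d+) tkt=(?P<tkt>\d+) ses=(?P<ses>\d+)\}, "
    r"(?P<client>\S+) for (?P<service>\S+)")

def parse_issue(line):
    """Return a dict for a krb5kdc ISSUE line, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["offered"] = [int(n) for n in rec["offered"].split()]
    for field in ("rep", "tkt", "ses"):
        rec[field] = int(rec[field])
    return rec

def weak_key_findings(lines):
    """List (request, service, field, enctype) for each single-DES key issued."""
    findings = []
    for line in lines:
        rec = parse_issue(line)
        if rec is None:
            continue  # not a KDC ISSUE line (e.g. mountd or rpc.svcgssd output)
        for field in ("rep", "tkt", "ses"):
            if rec[field] in SINGLE_DES:
                findings.append((rec["req"], rec["service"], field,
                                 ETYPES[rec[field]]))
    return findings

# Constructed sample lines in the same format as the attached log.
SAMPLE = [
    "Sep  3 19:36:22 kdc krb5kdc[100]: AS_REQ (2 etypes {18 1}) 192.0.2.3: ISSUE: authtime 1220463382, etypes {rep=1 tkt=18 ses=18}, nfs/client.example.test@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST",
    "Sep  3 19:36:22 kdc krb5kdc[100]: TGS_REQ (2 etypes {18 1}) 192.0.2.3: ISSUE: authtime 1220463382, etypes {rep=18 tkt=1 ses=1}, nfs/client.example.test@EXAMPLE.TEST for nfs/server.example.test@EXAMPLE.TEST",
    "Sep  3 19:36:22 kdc rpc.svcgssd[200]: handling null request",
]

if __name__ == "__main__":
    for finding in weak_key_findings(SAMPLE):
        print(finding)
```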

