Re: nfs and kerberos authentification problem.

["François Valenduc" <francois.valenduc@skynet.be>]

Kevin Coffman a =E9crit :
> On Thu, Sep 4, 2008 at 2:59 PM, J. Bruce Fields <bfields@fieldses.org=
> wrote:
>  =20
>> On Thu, Sep 04, 2008 at 08:53:09PM +0200, Fran=E7ois Valenduc wrote:
>>    =20
>>> It's my home directory, so it has normal permission for such a dire=
ctory:
>>> drwxrwsr-x 77 francois francois 4,0K sep  4 20:43 francois/
>>>      =20
>> So everybody has permission to read that directory--OK, that shouldn=
't
>> be a problem.
>>
>>    =20
>>> I don't think there is someting strange with this. I start running =
out
>>> of ideas to get it working. I have reenabled nfs4 (which I also tri=
ed)
>>> and it give the same problem. In order to do that, I off course cha=
nged
>>> the exports file like this;
>>>      =20
>>> /export/francois
>>> ordi-francois(nohide,rw,root_squash,no_subtree_check,sec=3Dsys:krb5=
)
>>>      =20
>> Let's just pick nfsv3 and stick with it; both nfsv3 and nfsv4 should
>> work, and switching between the two just complicates the debugging.
>>
>> What does your mount commandline look like?
>>
>> Could you get a network trace?  Just start
>>
>>        tcpdump -s0 -wtmp.pcap
>>
>> then attempt the mount, then after it fails kill tcpdump and send me
>> tmp.pcap.
>>
>> --b.
>>    =20
>
> This may be a stupid question, but can you access the mount using
> auth_sys?  As I think I said before, it looks like the Kerberos part
> is working.  (Unless there are errors on the client side from
> rpc.gssd.)
>
>  =20
I finally found a solution to the problem. It seems that it's needed to=
=20
compile both NFS v3 and v4 server support to make kerberos support=20
working. I find that a bit strange, but with this kernel configuration,=
=20
it is working fine. I find that a bit strange since I export the=20
filesystem as NFS3.
Should we consider this as a bug ? I am running kernel 2.6.26.3.

Thanks a lot for your patience,
=46ran=E7ois