I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am starting to wonder if I don't have HBAC rules set up correctly. I installed freeIPA with --no_hbac_allow.
I have an HBAC service defined as an nfs service: $ ipa hbacsvc-add --desc="NFS service" nfs I have an HBAC rule that allows all users to access all services on a group of hosts. My nfsclient is in that group. Is that enough to allow users rights to mount nfs shares? Do I need some sort of HBAC between the nfsclient and the nfsserver? Thanks! Joanna -- Joanna Delaporte Linux Systems Administrator | Parkland College joannadelapo...@gmail.com
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project