Here are my notes on setting up Kerberized NFSv4 in Debian-edu Squeeze (I tested with alpha0). Unfortunately, they don't work - the mount simply hangs with no error message in the log either on client or server. I've observed the same both on Debian Squeeze and Ubuntu 10.04. Does anybody know what might be wrong?
-- On tjener: Add to /etc/exports: /skole/tjener/home0 *(rw,async,no_subtree_check,sec=krb5,fsid=0) # vim /etc/default/nfs-kernel-server NEED_SVCGSSD=yes # vim /etc/idmapd.conf Domain = intern No need to edit /etc/default/nfs-common, idmapd is started if /etc/exports exists. # kadmin kadmin: addprinc -randkey nfs/klient.intern A nfs/tjener.intern principal already exists and does not need to be created. # vim /etc/krb5.conf somewhere in section [libdefaults]: allow_weak_crypto = true # invoke-rc.d krb5-kdc restart # invoke-rc.d nfs-common restart # invoke-rc.d nfs-kernel-server restart -- On ltspserver or workstation: # kadmin kadmin: ktadd nfs/klient.intern # vim /etc/krb5.conf somewhere in section [libdefaults]: allow_weak_crypto = true # vim /etc/default/nfs-common NEED_IDMAPD=yes NEED_GSSD=yes # vim /etc/idmapd.conf Domain = intern # invoke-rc.d nfs-common restart Try mounting. Note that tjener.intern:/ is not a typo - fsid=0 in /etc/exports declares that home0 is the root of the exported tree. # mount -t nfs4 -o sec=krb5 tjener.intern:/ /mnt/ See also: http://wiki.linux-nfs.org/wiki/index.php/Enduser_doc_kerberos https://help.ubuntu.com/community/NFSv4Howto#NFSv4%20with%20Kerberos -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
