I actually ended up figuring this out. For whatever reasons NFS_SECURE=“yes” 
was not in the configuration file (/etc/sysconfig/nfs). Once I added that to 
the configuration on the NFS server and the client (not sure if it’s needed 
there or not) but it started working after resetting all the services. 

Thanks for the reply.

-Kevin

> On Nov 8, 2018, at 12:46 PM, Robbie Harwood <rharw...@redhat.com> wrote:
> 
> Kevin Vasko via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
> writes:
> 
>> I followed these instructions to enable kerberos within my realm/domain. 
>> 
>> My FreeIPA, NFS server and my NFS client is CentOS 7.4
>> 
>> https://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/kerb-nfs.html
>> 
>> I’m completely stuck in that when I mount the NFS share I get
>> 
>> Sudo mount -o sec=krb5p share.example.com:/data/shared /mnt/shared
>> 
>> “mount.nfs: access denied by server while mounting 
>> share.example.com:/data/shared”
>> 
>> My /etc/exports file
>> /data/shared 172.16.0.0/24(sec=krb5p, rw, ...)
>> 
>> On my nfs server /var/log/messages all i see is
>> 
>> rpc.mountd[1674]: authenticated mount request from 172.16.0.23:819 for 
>> /data/shared (/data/shared)
>> 
>> If i remove the “sec=krb5p” from the mount and the exports file it mounts 
>> just fine.
> 
> What messages to you see from rpc.gssd on the client (assuming you're
> using gssproxy)?  Also, anything in gssproxy logs on the server or
> client?
> 
> Thanks,
> --Robbie
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to