On Wed, Mar 18, 2020 at 7:07 PM Markus Roth <[email protected]> wrote: > > Hi François, > > I was able to achieve a small success with manual mounting. Instead of the > following mount command: > > mount -t nfs4 -o sec=krb5 nfs-server.example.com:/ /<mountpoint> > > I changed this up to: > > mount -t nfs4 -o sec=krb5i nfs-server.example.com:/ /<mountpoint>
If this works, how is the NFS file system exported in the first place? This smells like it's exported krb5i-only, or krb5i+krb5p-only, not krb5. See: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/storage_administration_guide/s1-nfs-client-config-options for an explanation of the difference. > with that at least every user can access all directories and files from the > workstation's mountpoint. > > I will create the necessary log files and make them, as soon as possible, > available. > > > Markus Roth > > François Cami <[email protected]> hat am 18. März 2020 um 18:53 geschrieben: > > > Hi, > > On Wed, Mar 18, 2020 at 4:37 PM Markus Roth via FreeIPA-users > <[email protected]> wrote: > > > > Hi Daniel, > > thanks for pointing out the faulty mounting options. I changed it, but the > nfs share is not still mounted. > > I also checked IPA service principal for NFS and both server and client > principals exists. I delete all configurations and setup this step by step as > described at redhat doc again. > > > Can you show how your automount entries look like in LDAP? > We also need sssd debug logs. Put debug level to 6 or more, restart > sssd and trigger the issue again. > > Thank you, > François > > Regards / Mit freundlichen Grüßen, > > Markus Roth > > > > > [email protected] hat am 16. März 2020 um 09:23 geschrieben: > > > > > Hi Markus, > > On Sun, 15 Mar 2020, Markus Roth via FreeIPA-users wrote: > > I configured an automount location in my freeipa: > > #>automount -m > > autofs dump map information > =========================== > > global options: none configured > Mount point: /- > > source(s): > 100000000|lookup_read_map: lookup(sss): getautomntent_r: No such file or > directory > failed to read map > > Mount point: /Share > > source(s): > > instance type(s): sss > map: auto.public > > public | -fstype=nfs4,rw.sec=krb5,soft,rsize=8192,rsize=8192 nfs.example.com:/ > The /etc/exports on my nfs server looks as follows: > /export/data *(rw,fsid=0,sec=krb5:krb5i:krb5p) > When I mount the nfs share with the root user on the client: > > kinit <user> > mount -vvv -t nfs4 -o sec=krb5 idefix.example.com:/ /Share > > The root user can access the files mounted on the /Share directory > But the <user> itself get the message: > "access denied" > > automount the share on the directory failed. Nothing is mounted. > > Any hints to solve this will be appreciated! > > > > > are you positively sure that you have a properly configured IPA service > principal for NFS? Last time i had this, i simply forgot that. Also, there is > a suspiciously looking dot in your mount options ("... rw.sec=krb5 ..."). > > > > > Mit freundlichen Gruessen/With best regards, > > --Daniel. > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
