Thomas Sailer wrote:
Hi,

After upgrading one IPA client from Fedora12 to Fedora13 (the server
runs Fedora12), I'm experiencing NFS4 problems.

I can still mount the server from the client like this:
mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192,rw,sec=krb5p 
server.xxx.com:/home /tmp/z
root can then successfully list subdirectories with ls /tmp/z. However,
when a normal user tries to do this, he gets -EACCES.

Permissions of /tmp/z should be ok:

# ls -ldZ /tmp/z
drwxr-xr-x. root root system_u:object_r:nfs_t:s0       /tmp/z

# getfacl /tmp/z
getfacl: Removing leading '/' from absolute path names
# file: tmp/z
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

# nfs4_getfacl /tmp/z
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A::EVERYONE@:rxtcy

It worked under Fedora 12. Does anybody have an idea what went wrong?


I assume the keytab is still valid since the mount succeeds and root works. Kerberos otherwise works ok on this machine, you can kinit, etc?

You might want to check the kdc log on and the 389-ds log, you might see some querying to find the user for authentication.

Do things like 'getent passwd <someuser>' still work?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to