On Wed, 2011-11-16 at 20:44 +0100, Thomas Sailer wrote: > On 11/16/2011 08:40 PM, Simo Sorce wrote: > > Are you using DES keys ? In that case you probably need to allow weak > > crypto on both server and client. Note that if all your server/clients > > are FC16 and you have no old ones < FC14 or < RHEL 6 then you do not > > need to force the creation of the nfs/ principal to use only DES keys. > > Simo. > > No. I did not use any -e parameter to ipa-getkeytab, so I got > aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1 and > arcfour-hmac. Also, enctype 18 is AFAIK not weak. > > I also tried enabling weak crypto, and to use only des keys, but that > didn't help either.
If you did this on both server and client, then it looks like it is a nfsd bug, and not a freeipa one. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users