Hey all. I've been trying to setup kerberized NFS with IPA running on RHEL6.2 and NFS running on RHEL5.7. The documentation states that if you are using an older kernel (like the one in RHEL5) you need to use allow_weak_crypto = yes in your krb5.conf and make sure you specify -e des-cbc-crc when exporting your keytab from the IPA server. However things are not working out.
I do manage to export a des-cbc-crc key but when trying to mount the NFS share from an IPA client on rhel 6.2 it doesnt work. I have put the allow_weak_crypto = yes in the libdefaults section of my krb5.conf on all machines in the domain. And i've tried changing my password after that. But it still doesnt work. I'm unsure what to expect but if i do a klist -e i dont see any des-cbc-crc key in my keytab as the user i logged in as. If i move the NFS server to a RHEL 6.2 the mount from the RHEL6.2 client works just fine but then i'm unable to mount the share from the RHEL5.7 client. If i do a kinit u...@myrealm.bla and check the klist -e i dont have any des-cbc keys. I only get the AES ones. I did find this thread about running rhel5/rhel6 clients but with an AD kerberos domain so it's not the same problem. but they do get some of the same symptoms. http://www.spinics.net/lists/linux-nfs/msg22188.html There they specify default_tgs_enctypes and default_tkt_enctypes to get it working. Anyone here know's whats wrong or what i'm doing wrong? Regards Johnny _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users