Pretty sure I followed the RH 6.3beta doc exactly...it all worked until I found 
that non-IPA'd clients could also connect....so if I put sys: back it should be 
fine....so its the kerberos bit or export options.

I have raised a case with RH support for help and also the IPA NFS will need 
updating if something is missing....thanks.


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Chris Evich [cev...@redhat.com]
Sent: Friday, 11 May 2012 1:37 a.m.
To: freeipa-users@redhat.com
Subject: Re: [Freeipa-users] insecure IPA'd NFS

On 05/09/2012 08:47 PM, Steven Jones wrote:
> Removed the sys: and now no IPA'd client can mount.....oh joy....

Hehe, this is typical (and frustrating) for fresh NFS+Kerberos setups.
it's very easy to miss a little detail and not get much back as to why
it's not working.  I'd suggest going through the setup step-by-step
again to see what's missing.

Does both client and server have valid nfs/<fqdn>@DOMAIN keys in

Is /etc/krb5.keytab accessible (i.e. no SELinux problems)?

Is port 2049 open on firewall?

What's the state of rpc.svcgssd process on server and rpc.gssd process
on client?

Can you manually mount the export on the server?

What shows in krb5kdc.log when trying to manually mount on client?

If none of those localize the problem area further, you can go down the
road of bumping the rpc debug levels on both sides to see where the
issue is.

Hope that helps.

Freeipa-users mailing list

Freeipa-users mailing list

Reply via email to