Hi, Pretty sure I followed the RH 6.3beta doc exactly...it all worked until I found that non-IPA'd clients could also connect....so if I put sys: back it should be fine....so its the kerberos bit or export options.
I have raised a case with RH support for help and also the IPA NFS will need updating if something is missing....thanks. regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: [email protected] [[email protected]] on behalf of Chris Evich [[email protected]] Sent: Friday, 11 May 2012 1:37 a.m. To: [email protected] Subject: Re: [Freeipa-users] insecure IPA'd NFS On 05/09/2012 08:47 PM, Steven Jones wrote: > Removed the sys: and now no IPA'd client can mount.....oh joy.... Hehe, this is typical (and frustrating) for fresh NFS+Kerberos setups. it's very easy to miss a little detail and not get much back as to why it's not working. I'd suggest going through the setup step-by-step again to see what's missing. Does both client and server have valid nfs/<fqdn>@DOMAIN keys in /etc/krb5.keytab? Is /etc/krb5.keytab accessible (i.e. no SELinux problems)? Is port 2049 open on firewall? What's the state of rpc.svcgssd process on server and rpc.gssd process on client? Can you manually mount the export on the server? What shows in krb5kdc.log when trying to manually mount on client? If none of those localize the problem area further, you can go down the road of bumping the rpc debug levels on both sides to see where the issue is. Hope that helps. _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
