I need some pointers for getting NFSv4 to use krb5 authorization in my IPA

My realm is new. I have just migrated some users from an NIS domain to the
IPA realm. The numerical UIDs and GIDs do not all match. I set up NFS
server and client, and automaps using the recommended methods in the RHEL 7
Storage and Domain Auth/Policy guides.

In the exports file on the nfsserver, as long as I
have sec=krb5p:krb5i:krb5:sys in my options, I can successfully automount.
However, when I remove sys, I no longer am able to mount. I have
root_squash set.

Automount hangs when I restart it, while trying to mount the first NFS

If I try to mount on the command line, I get this:
root$ mount -t nfs4 -o rw,sec=krb5,vers=4.0 arcturus:/ /mnt
mount.nfs4: access denied by server while mounting arcturus:/

If I take out sec=krb5, it works. It just rolls back to sec=sys (confirmed
with mountstats).
I am not seeing anything related to the mount attempts on the nfsserver
logs, but I'm not sure I am looking in the right logs.

I don't see anything happening in the ipaserver's krb5kdc.log, or httpd
error or access logs.

What am I missing?



Joanna Delaporte
Linux Systems Administrator | Parkland College
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to