I need some pointers for getting NFSv4 to use krb5 authorization in my IPA realm.
My realm is new. I have just migrated some users from an NIS domain to the IPA realm. The numerical UIDs and GIDs do not all match. I set up NFS server and client, and automaps using the recommended methods in the RHEL 7 Storage and Domain Auth/Policy guides. In the exports file on the nfsserver, as long as I have sec=krb5p:krb5i:krb5:sys in my options, I can successfully automount. However, when I remove sys, I no longer am able to mount. I have root_squash set. Automount hangs when I restart it, while trying to mount the first NFS directory. If I try to mount on the command line, I get this: root$ mount -t nfs4 -o rw,sec=krb5,vers=4.0 arcturus:/ /mnt mount.nfs4: access denied by server while mounting arcturus:/ If I take out sec=krb5, it works. It just rolls back to sec=sys (confirmed with mountstats). I am not seeing anything related to the mount attempts on the nfsserver logs, but I'm not sure I am looking in the right logs. I don't see anything happening in the ipaserver's krb5kdc.log, or httpd error or access logs. What am I missing? Thanks! Joanna -- Joanna Delaporte Linux Systems Administrator | Parkland College joannadelapo...@gmail.com
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
