I need some pointers for getting NFSv4 to use krb5 authorization in my IPA
My realm is new. I have just migrated some users from an NIS domain to the
IPA realm. The numerical UIDs and GIDs do not all match. I set up NFS
server and client, and automaps using the recommended methods in the RHEL 7
Storage and Domain Auth/Policy guides.
In the exports file on the nfsserver, as long as I
have sec=krb5p:krb5i:krb5:sys in my options, I can successfully automount.
However, when I remove sys, I no longer am able to mount. I have
Automount hangs when I restart it, while trying to mount the first NFS
If I try to mount on the command line, I get this:
root$ mount -t nfs4 -o rw,sec=krb5,vers=4.0 arcturus:/ /mnt
mount.nfs4: access denied by server while mounting arcturus:/
If I take out sec=krb5, it works. It just rolls back to sec=sys (confirmed
I am not seeing anything related to the mount attempts on the nfsserver
logs, but I'm not sure I am looking in the right logs.
I don't see anything happening in the ipaserver's krb5kdc.log, or httpd
error or access logs.
What am I missing?
Linux Systems Administrator | Parkland College
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project