I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am
starting to wonder if I don't have HBAC rules set up correctly.  I
installed freeIPA with --no_hbac_allow.

I have an HBAC service defined as an nfs service:
$ ipa hbacsvc-add --desc="NFS service" nfs

I have an HBAC rule that allows all users to access all services on a group
of hosts. My nfsclient is in that group.

Is that enough to allow users rights to mount nfs shares? Do I need some
sort of HBAC between the nfsclient and the nfsserver?

Thanks! Joanna


Joanna Delaporte
Linux Systems Administrator | Parkland College
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to