I am having trouble using NFSv4 via krb5 on my new IPA realm, and I am
starting to wonder if I don't have HBAC rules set up correctly. I
installed freeIPA with --no_hbac_allow.
I have an HBAC service defined as an nfs service:
$ ipa hbacsvc-add --desc="NFS service" nfs
I have an HBAC rule that allows all users to access all services on a group
of hosts. My nfsclient is in that group.
Is that enough to allow users rights to mount nfs shares? Do I need some
sort of HBAC between the nfsclient and the nfsserver?
Linux Systems Administrator | Parkland College
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project