On 2017-04-13 14:24, Ronald Wimmer wrote:
> [...]
> It was my own fault. I somehow messed up the /etc/krb5.keytab on the
> testclient. After correcting it everything works like a charm.

No. It was not....I was mistaken. The problem is:

- sec=sys
  when I set sec=sys, the share gets automounted and the directory gets
created
  with the right permissions but the user gets a "Permission denied"
fore some reason
- sec=krb5
   the share does not even get automounted

sec=krb5p:
Apr 14 13:30:06 testclient automount[17792]: lookup_mount: lookup(sss):
looking up /home
Apr 14 13:30:06 testclient automount[17792]: lookup_mount: lookup(sss):
/home -> -fstype=nfs4,rw,sec=krb5p ipanfs.linux.mydomain.at:/homeshare
Apr 14 13:30:06 testclient automount[17792]: parse_mount: parse(sun):
expanded entry: -fstype=nfs4,rw,sec=krb5p
ipanfs.linux.mydomain.at:/homeshare
Apr 14 13:30:06 testclient automount[17792]: parse_mount: parse(sun):
gathered options: fstype=nfs4,rw,sec=krb5p
Apr 14 13:30:06 testclient automount[17792]: parse_mount: parse(sun):
dequote("ipanfs.linux.mydomain.at:/homeshare") ->
ipanfs.linux.mydomain.at:/homeshare
Apr 14 13:30:06 testclient automount[17792]: parse_mount: parse(sun):
core of entry: options=fstype=nfs4,rw,sec=krb5p,
loc=ipanfs.linux.mydomain.at:/homeshare
Apr 14 13:30:06 testclient automount[17792]: sun_mount: parse(sun):
mounting root /home, mountpoint /home, what
ipanfs.linux.mydomain.at:/homeshare, fstype nfs4, options rw,sec=krb5p
Apr 14 13:30:06 testclient automount[17792]: mount_mount: mount(nfs):
root=/home name=/home what=ipanfs.linux.mydomain.at:/homeshare,
fstype=nfs4, options=rw,sec=krb5p
Apr 14 13:30:06 testclient automount[17792]: mount_mount: mount(nfs):
nfs options="rw,sec=krb5p", nobind=0, nosymlink=0, ro=0
Apr 14 13:30:06 testclient automount[17792]: get_nfs_info: called with
host ipanfs.linux.mydomain.at(10.66.39.164) proto 6 version 0x40
Apr 14 13:30:06 testclient automount[17792]: get_nfs_info: nfs v4 rpc
ping time: 0.000265
Apr 14 13:30:06 testclient automount[17792]: get_nfs_info: host
ipanfs.linux.mydomain.at cost 265 weight 0
Apr 14 13:30:06 testclient automount[17792]: prune_host_list: selected
subset of hosts that support NFS4 over TCP
Apr 14 13:30:06 testclient automount[17792]: mount_mount: mount(nfs):
calling mkdir_path /home
Apr 14 13:30:06 testclient automount[17792]: mount_mount: mount(nfs):
calling mount -t nfs4 -s -o rw,sec=krb5p
ipanfs.linux.mydomain.at:/homeshare /home
Apr 14 13:30:06 testclient automount[17792]: spawn_mount: mtab link
detected, passing -n to mount
Apr 14 13:30:06 testclient gssproxy: gssproxy[889]: (OID: { 1 2 840
113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more
information, No credentials cache found
Apr 14 13:30:06 testclient automount[17792]: >> mount.nfs4: access
denied by server while mounting ipanfs.linux.mydomain.at:/homeshare
Apr 14 13:30:06 testclient automount[17792]: mount(nfs): nfs: mount
failure ipanfs.linux.mydomain.at:/homeshare on /home
Apr 14 13:30:06 testclient automount[17792]: dev_ioctl_send_fail: token
= 55
Apr 14 13:30:06 testclient automount[17792]: failed to mount /home
Apr 14 13:30:06 testclient automount[17792]: handle_packet: type = 5
Apr 14 13:30:06 testclient automount[17792]:
handle_packet_missing_direct: token 56, name /home, request pid 17808
Apr 14 13:30:06 testclient automount[17792]: dev_ioctl_send_fail: token
= 56
Apr 14 13:30:06 testclient automount[17792]: handle_packet: type = 5
Apr 14 13:30:06 testclient automount[17792]:
handle_packet_missing_direct: token 57, name /home, request pid 17808
Apr 14 13:30:06 testclient automount[17792]: dev_ioctl_send_fail: token
= 57

I would like to start with sec=sys - why doest the user get a permission
denied even if its home directory appears to have the right permissions?
Where do I have to look into?

Regards,
Ronald Wimmer

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to