Re: [Freeipa-users] FreeIpa Server + NFSv4 Kerberos mount problem.
Hi Arthur, we also could not get Ubuntu 16.04 to run with out Kerberized NFS Server. Ubuntu 14.04 runs without problems. Maybe you can try that? You could have been hit by: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1604396 The advice to upgrade the kernel did unfortunately not help for us (as you can see in my comments). Best regards, Torsten -- <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> <> <> <> Dr. Torsten Harenberg harenb...@physik.uni-wuppertal.de <> <> Bergische Universitaet <> <> FB C - Physik Tel.: +49 (0)202 439-3521 <> <> Gaussstr. 20 Fax : +49 (0)202 439-2811 <> <> 42097 Wuppertal <> <> <> <><><><><><><>< Of course it runs NetBSD http://www.netbsd.org ><> -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIpa Server + NFSv4 Kerberos mount problem.
Alan, thank you very much for your prompt answer, I didnt completely understand your point. So basically FreeNAS would be incompatible with FreeIPA? If that is the case, my alternative would be to set up another NFS server? Did you by any chance get this working before? The reason why I am asking you this is just because I have followed so many guides already and I even tried a separate Ubuntu NFS server which also didn't work. If this approach of using FreeIPA + NFSv4 works is there any recommended scenario that would lead to a working solution between them? Thank you very much. Arthur. On Sat, Oct 8, 2016 at 6:05 PM Alan Latteri wrote: > I think you problem is FreeNAS and not IPA itself. In FreeNAS 10 they > will have built in IPA functionality. > > On Oct 8, 2016, at 5:47 PM, Arthur Morales Sampaio > wrote: > > Good morning, my name is Arthur and I am working on the integration of > FreeIPA and NFSv4 mounting for home directory sharing for authenticated > users. > > This is the first time I am doing this so the problem could be simple. > It's been already a week that I have been struggling with this and I don't > know where else to ask for help. I have read pretty much everything that is > to be read online regarding Freeipa integration. > > Here is my scenario: > - FreeIPA server 4.2.0 - Centos7 > - FreeNAS (NFSv4 server) 10 - FreeBSD (bundled with FreeNAS) > - Client Ubuntu 16.04. Installed IPA client using ipa-client-install and > imported LDAP credentials. Kerberos login is working properly I can log > into the machines using IPA users. But can't mount NFS4 using sec=krb5 > option. > > I have a functional FreeIPA server with Kerberos authentication working > properly. But I can't get NFSv4 authenticated to work in freeipa-clients. > > Following is the error that I am getting: > > > > I know that this might not be enough detail for me to get help for this > problem. But the thing is that I don't know how to enable a more verbosity > functionality for this. > > The desired behavior would be to create mounts for home directories of > users and enable kerberos security to mount them. Meaning that I need only > the owners to be able to mount them. > > This is something that is very confusing for me. Wouldn't I be required to > somehow pass to the mount command the username or any credentials of the > kerberos user just so the NFS server would know *WHO* is trying to mount > the directory? > > I really exhausted my resources in trying to fix this issue. > > Does FreeIPA work with NFSv4? > > I sincerely appreciate your help on this one. > > Best regards, > Arthur > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project > > -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
Re: [Freeipa-users] FreeIpa Server + NFSv4 Kerberos mount problem.
I think you problem is FreeNAS and not IPA itself. In FreeNAS 10 they will have built in IPA functionality. > On Oct 8, 2016, at 5:47 PM, Arthur Morales Sampaio wrote: > > Good morning, my name is Arthur and I am working on the integration of > FreeIPA and NFSv4 mounting for home directory sharing for authenticated users. > > This is the first time I am doing this so the problem could be simple. It's > been already a week that I have been struggling with this and I don't know > where else to ask for help. I have read pretty much everything that is to be > read online regarding Freeipa integration. > > Here is my scenario: > - FreeIPA server 4.2.0 - Centos7 > - FreeNAS (NFSv4 server) 10 - FreeBSD (bundled with FreeNAS) > - Client Ubuntu 16.04. Installed IPA client using ipa-client-install and > imported LDAP credentials. Kerberos login is working properly I can log into > the machines using IPA users. But can't mount NFS4 using sec=krb5 option. > > I have a functional FreeIPA server with Kerberos authentication working > properly. But I can't get NFSv4 authenticated to work in freeipa-clients. > > Following is the error that I am getting: > > > > I know that this might not be enough detail for me to get help for this > problem. But the thing is that I don't know how to enable a more verbosity > functionality for this. > > The desired behavior would be to create mounts for home directories of users > and enable kerberos security to mount them. Meaning that I need only the > owners to be able to mount them. > > This is something that is very confusing for me. Wouldn't I be required to > somehow pass to the mount command the username or any credentials of the > kerberos user just so the NFS server would know WHO is trying to mount the > directory? > > I really exhausted my resources in trying to fix this issue. > > Does FreeIPA work with NFSv4? > > I sincerely appreciate your help on this one. > > Best regards, > Arthur > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
[Freeipa-users] FreeIpa Server + NFSv4 Kerberos mount problem.
Good morning, my name is Arthur and I am working on the integration of FreeIPA and NFSv4 mounting for home directory sharing for authenticated users. This is the first time I am doing this so the problem could be simple. It's been already a week that I have been struggling with this and I don't know where else to ask for help. I have read pretty much everything that is to be read online regarding Freeipa integration. Here is my scenario: - FreeIPA server 4.2.0 - Centos7 - FreeNAS (NFSv4 server) 10 - FreeBSD (bundled with FreeNAS) - Client Ubuntu 16.04. Installed IPA client using ipa-client-install and imported LDAP credentials. Kerberos login is working properly I can log into the machines using IPA users. But can't mount NFS4 using sec=krb5 option. I have a functional FreeIPA server with Kerberos authentication working properly. But I can't get NFSv4 authenticated to work in freeipa-clients. Following is the error that I am getting: I know that this might not be enough detail for me to get help for this problem. But the thing is that I don't know how to enable a more verbosity functionality for this. The desired behavior would be to create mounts for home directories of users and enable kerberos security to mount them. Meaning that I need only the owners to be able to mount them. This is something that is very confusing for me. Wouldn't I be required to somehow pass to the mount command the username or any credentials of the kerberos user just so the NFS server would know *WHO* is trying to mount the directory? I really exhausted my resources in trying to fix this issue. Does FreeIPA work with NFSv4? I sincerely appreciate your help on this one. Best regards, Arthur -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
