Iam trying to setup kerberized NFS(v3) client for Linux.
My setup details
NFS client: Suse Linux Enterprise Server (SLES 9) which has
kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
CONFIG_RPCSEC_GSS_KRB5=y )
nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
KDC Server: RedHat Linux
NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
Tested and working fine)
To setup kerberized Linux Client, I presume a kernel with rpcsecgss
support, patched nfs-utils pkg and patched util-linux pkg is
sufficient. (Let me know any other pkg/configuration is required)
My NFS Server export entry is:
share -F nfs -o sec=krb5 /export/home
Server has nfs principal registered to KDC and the user principal of
client also registered to the Server.
After doing a kinit if I try to mount the exported path, Iam getting
"mount: nfsserver:/export/home failed, reason given by server:
Permission denied"
Then I specified the client name in the exports file make gave
readonly perms. Then also I got the same error.
Am I missing something ? Any pointers ..
thanks,
Suresh
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Kevin,
Thanks again for inputs..
> > Also I created /var/lib/nfs/rpc_pipefs. I am running "rpc.gssd -m" and
> > "rpc.idmapd" Now iam able to mount
> > mount -osec=krb5 nfsserver:/exportedpath /mntpoint
> > But When I do an "ls /mntpoint" it hangs
> Is this still as root, or as a normal user? If as a normal user,
> had you already done a kinit to get a Kerberos TGT?
All operations iam doing as root user only
> This means that rpc.gssd probably stopped, or is hung up and no
> longer answering upcalls. Running rpc.gssd with option "-vvv"
> may give more clues.
I did two more things..
1. Added rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0 to
/etc/fstab of CLIENT ( Not sure whether it is actually required in
client or not. But documentation says client will use rpc_pipesfs for
kernel/userspace communication and server will use proc fs)
2. ran rpc.gssd with -f option and -p /var/lib/nfs/rpc_pipefs
(Though not sure what -f means)
which reported "Could not find libgssapi_krb5.so", then modified the
path in gssapi_mech.conf
Now Iam able to mount, but ls doesn't hang it says "Permission denied"
/var/log/messages shows (rpc.gssd -vvv)
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_REALM' are good until 1108731834
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: using
FILE:/tmp/krb5cc_machine_REALM as credentials cache for machine creds
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: using gss_krb5_ccache_name
to select krb5 ccache FILE:/tmp/krb5cc_machine_REALM
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: creating context using euid
0 (save_uid 0)
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: creating tcp client for
server nfsserver.domain
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: creating context with server
[email protected]
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: WARNING: Failed to create
krb5 context for user with uid 0 for server nfsserver.domain
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: WARNING: Failed to create
krb5 context for user with uid 0 with credentials cache
FILE:/tmp/krb5cc_machine_REALM for server nfsserver.domain
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: WARNING: Failed to create
krb5 context for user with uid 0 with any credentials cache for server
nfsserver.domain
Feb 17 18:34:11 nfsclient rpc.gssd[4296]: doing error downcall
Any interoperability issues with Solaris NFS server(kerberized)?
Iam running gssd on NFSserver also ..
Any pointers ?
Thanks,
Suresh
> > > > > > Iam trying to setup kerberized NFS(v3) client for Linux.
> > > > > >
> > > > > > My setup details
> > > > > > NFS client: Suse Linux Enterprise Server (SLES 9) which has
> > > > > > kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
> > > > > > CONFIG_RPCSEC_GSS_KRB5=y )
> > > > > >
> > > > > > nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
> > > > > > util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
> > > > > >
> > > > > > KDC Server: RedHat Linux
> > > > > > NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
> > > > > > Tested and working fine)
> > > > > >
> > > > > > To setup kerberized Linux Client, I presume a kernel with rpcsecgss
> > > > > > support, patched nfs-utils pkg and patched util-linux pkg is
> > > > > > sufficient. (Let me know any other pkg/configuration is required)
> > > > > >
> > > > > > My NFS Server export entry is:
> > > > > > share -F nfs -o sec=krb5 /export/home
> > > > > >
> > > > > > Server has nfs principal registered to KDC and the user principal of
> > > > > > client also registered to the Server.
> > > > > > After doing a kinit if I try to mount the exported path, Iam getting
> > > > > >
> > > > > > "mount: nfsserver:/export/home failed, reason given by server:
> > > > > > Permission denied"
> > > > > > Then I specified the client name in the exports file make gave
> > > > > > readonly perms. Then also I got the same error.
> > > > > >
> > > > > > Am I missing something ? Any pointers ..
> > > > > >
> > > > > > thanks,
> > > > > > Suresh
> > > > > >
> > > > > >
> > > > > > -------------------------------------------------------
> > > > > > SF email is sponsored by - The IT Product Guide
> > > > > > Read honest & candid reviews on hundreds of IT Products from real use
> > rs.
> > > > > > Discover which products truly live up to the hype. Start reading now.
> > > > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > > > > _______________________________________________
> > > > > > NFS maillist - [email protected]
> > > > > > https://lists.sourceforge.net/lists/listinfo/nfs
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > "Good Luck is when preparation meets opportunity"
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > SF email is sponsored by - The IT Product Guide
> > > > Read honest & candid reviews on hundreds of IT Products from real users.
> > > > Discover which products truly live up to the hype. Start reading now.
> > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > > _______________________________________________
> > > > NFS maillist - [email protected]
> > > > https://lists.sourceforge.net/lists/listinfo/nfs
> > >
> > >
> >
> >
> > --
> > "Good Luck is when preparation meets opportunity"
>
>
--
"Good Luck is when preparation meets opportunity"
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Hi Suresh,
I don't think you mentioned Suse in your message to the Kerberos list.
Does this mean you have Heimdal (as opposed to MIT) Kerberos libraries
on your client? (We have problems with the released Heimdal code.)
I assume you are running rpc.gssd on the client. Can you run that with
"-vvv" and send the output when you attempt to do the mount?
> Iam trying to setup kerberized NFS(v3) client for Linux.
>
> My setup details
> NFS client: Suse Linux Enterprise Server (SLES 9) which has
> kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
> CONFIG_RPCSEC_GSS_KRB5=y )
>
> nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
> util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
>
> KDC Server: RedHat Linux
> NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
> Tested and working fine)
>
> To setup kerberized Linux Client, I presume a kernel with rpcsecgss
> support, patched nfs-utils pkg and patched util-linux pkg is
> sufficient. (Let me know any other pkg/configuration is required)
>
> My NFS Server export entry is:
> share -F nfs -o sec=krb5 /export/home
>
> Server has nfs principal registered to KDC and the user principal of
> client also registered to the Server.
> After doing a kinit if I try to mount the exported path, Iam getting
>
> "mount: nfsserver:/export/home failed, reason given by server:
> Permission denied"
> Then I specified the client name in the exports file make gave
> readonly perms. Then also I got the same error.
>
> Am I missing something ? Any pointers ..
>
> thanks,
> Suresh
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Kevin,
Thanks for your inputs.
On Mon, 14 Feb 2005 10:09:45 -0500, Kevin Coffman <[email protected]> wrote:
> I don't think you mentioned Suse in your message to the Kerberos list.
> Does this mean you have Heimdal (as opposed to MIT) Kerberos libraries
> on your client? (We have problems with the released Heimdal code.)
Yeah I didn't mention that my NFS client is SLES, but I have installed
MIT kerberos on SLES and Iam using that only.
> I assume you are running rpc.gssd on the client. Can you run that with
> "-vvv" and send the output when you attempt to do the mount?
When I started rpc.gssd on client (-vvv option) I got the following
info on /var/log/messages
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: Using keytab file '/etc/krb5.keytab'
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: Processing keytab entry for
principal 'nfs/nfsserver.domain@REALM'
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: We will use this entry
(nfs/nfs-server.domain@REALM)
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: Using (machine) credentials
cache: 'FILE:/tmp/krb5cc_machine_REALM'
Feb 15 10:07:01 nfsclient rpc.gssd[13870]: processing client list
But when I try to mount, Iam not getting any log messages. I
understand that I have to extract nfs service principal on client also
(though not sure why..)
Also rpcsec_gss_krb5 support is compiled in to my kernel (not as a
module) CONFIG_RPCSEC_GSS_KRB5=y). Is this OK ? or need to be compiled
only as a module. My System.map also have rpcsec_gss symbols..
>From the snoop traces Iam able to see MOUNT reply itself is failing
(Status = ERR_ACCESS). It is not returning the AUTH flavors supported.
Thanks,
Suresh
> > Iam trying to setup kerberized NFS(v3) client for Linux.
> >
> > My setup details
> > NFS client: Suse Linux Enterprise Server (SLES 9) which has
> > kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
> > CONFIG_RPCSEC_GSS_KRB5=y )
> >
> > nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
> > util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
> >
> > KDC Server: RedHat Linux
> > NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
> > Tested and working fine)
> >
> > To setup kerberized Linux Client, I presume a kernel with rpcsecgss
> > support, patched nfs-utils pkg and patched util-linux pkg is
> > sufficient. (Let me know any other pkg/configuration is required)
> >
> > My NFS Server export entry is:
> > share -F nfs -o sec=krb5 /export/home
> >
> > Server has nfs principal registered to KDC and the user principal of
> > client also registered to the Server.
> > After doing a kinit if I try to mount the exported path, Iam getting
> >
> > "mount: nfsserver:/export/home failed, reason given by server:
> > Permission denied"
> > Then I specified the client name in the exports file make gave
> > readonly perms. Then also I got the same error.
> >
> > Am I missing something ? Any pointers ..
> >
> > thanks,
> > Suresh
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > NFS maillist - [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nfs
>
>
--
"Good Luck is when preparation meets opportunity"
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
> Kevin,
>
> Thanks for your inputs.
>
> On Mon, 14 Feb 2005 10:09:45 -0500, Kevin Coffman <[email protected]> wrote:
> > I don't think you mentioned Suse in your message to the Kerberos list.
> > Does this mean you have Heimdal (as opposed to MIT) Kerberos libraries
> > on your client? (We have problems with the released Heimdal code.)
> Yeah I didn't mention that my NFS client is SLES, but I have installed
> MIT kerberos on SLES and Iam using that only.
OK, good.
> > I assume you are running rpc.gssd on the client. Can you run that with
> > "-vvv" and send the output when you attempt to do the mount?
> When I started rpc.gssd on client (-vvv option) I got the following
> info on /var/log/messages
>
> [ snip ]
> Feb 15 10:07:01 nfsclient rpc.gssd[13870]: Using (machine) credentials
> cache: 'FILE:/tmp/krb5cc_machine_REALM'
> Feb 15 10:07:01 nfsclient rpc.gssd[13870]: processing client list
>
> But when I try to mount, Iam not getting any log messages. I
> understand that I have to extract nfs service principal on client also
> (though not sure why..)
Mount must be done by root. When a request comes up to rpc.gssd with
uid 0 to negotiate a gss context, it uses a "machine credential"
(nfs/<hostname>@REALM) as the client principal.
> Also rpcsec_gss_krb5 support is compiled in to my kernel (not as a
> module) CONFIG_RPCSEC_GSS_KRB5=y). Is this OK ? or need to be compiled
> only as a module. My System.map also have rpcsec_gss symbols..
This is fine.
> >From the snoop traces Iam able to see MOUNT reply itself is failing
> (Status = ERR_ACCESS). It is not returning the AUTH flavors supported.
Are you not doing the mount as root?
> Thanks,
> Suresh
>
> > > Iam trying to setup kerberized NFS(v3) client for Linux.
> > >
> > > My setup details
> > > NFS client: Suse Linux Enterprise Server (SLES 9) which has
> > > kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
> > > CONFIG_RPCSEC_GSS_KRB5=y )
> > >
> > > nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
> > > util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
> > >
> > > KDC Server: RedHat Linux
> > > NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
> > > Tested and working fine)
> > >
> > > To setup kerberized Linux Client, I presume a kernel with rpcsecgss
> > > support, patched nfs-utils pkg and patched util-linux pkg is
> > > sufficient. (Let me know any other pkg/configuration is required)
> > >
> > > My NFS Server export entry is:
> > > share -F nfs -o sec=krb5 /export/home
> > >
> > > Server has nfs principal registered to KDC and the user principal of
> > > client also registered to the Server.
> > > After doing a kinit if I try to mount the exported path, Iam getting
> > >
> > > "mount: nfsserver:/export/home failed, reason given by server:
> > > Permission denied"
> > > Then I specified the client name in the exports file make gave
> > > readonly perms. Then also I got the same error.
> > >
> > > Am I missing something ? Any pointers ..
> > >
> > > thanks,
> > > Suresh
> > >
> > >
> > > -------------------------------------------------------
> > > SF email is sponsored by - The IT Product Guide
> > > Read honest & candid reviews on hundreds of IT Products from real users.
> > > Discover which products truly live up to the hype. Start reading now.
> > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > _______________________________________________
> > > NFS maillist - [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/nfs
> >
> >
>
>
> --
> "Good Luck is when preparation meets opportunity"
>
>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Kevin,
Thanks for the response.
On Tue, 15 Feb 2005 08:47:18 -0500, Kevin Coffman <[email protected]> wrote:
> Mount must be done by root. When a request comes up to rpc.gssd with
> uid 0 to negotiate a gss context, it uses a "machine credential"
> (nfs/<hostname>@REALM) as the client principal.
I created service(nfs) principal for both client and server
nfs/nfsclient.domain@REALM (extracted in client)
nfs/nfsserver.domain@REALM (extracted in server)
Is this correct?
> Are you not doing the mount as root?
Iam Mounting as root only.
Also I created /var/lib/nfs/rpc_pipefs. I am running "rpc.gssd -m" and
"rpc.idmapd"
Now iam able to mount
mount -osec=krb5 nfsserver:/exportedpath /mntpoint
But When I do an "ls /mntpoint" it hangs
Also Iam getting the following in messages frequently
Feb 16 19:49:27 nfstest kernel: RPC: AUTH_GSS upcall timed out.
Feb 16 19:49:27 nfstest kernel: Please check user daemon is running!
Any pointers ?
Thanks,
Suresh
> > > > Iam trying to setup kerberized NFS(v3) client for Linux.
> > > >
> > > > My setup details
> > > > NFS client: Suse Linux Enterprise Server (SLES 9) which has
> > > > kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
> > > > CONFIG_RPCSEC_GSS_KRB5=y )
> > > >
> > > > nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
> > > > util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
> > > >
> > > > KDC Server: RedHat Linux
> > > > NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
> > > > Tested and working fine)
> > > >
> > > > To setup kerberized Linux Client, I presume a kernel with rpcsecgss
> > > > support, patched nfs-utils pkg and patched util-linux pkg is
> > > > sufficient. (Let me know any other pkg/configuration is required)
> > > >
> > > > My NFS Server export entry is:
> > > > share -F nfs -o sec=krb5 /export/home
> > > >
> > > > Server has nfs principal registered to KDC and the user principal of
> > > > client also registered to the Server.
> > > > After doing a kinit if I try to mount the exported path, Iam getting
> > > >
> > > > "mount: nfsserver:/export/home failed, reason given by server:
> > > > Permission denied"
> > > > Then I specified the client name in the exports file make gave
> > > > readonly perms. Then also I got the same error.
> > > >
> > > > Am I missing something ? Any pointers ..
> > > >
> > > > thanks,
> > > > Suresh
> > > >
> > > >
> > > > -------------------------------------------------------
> > > > SF email is sponsored by - The IT Product Guide
> > > > Read honest & candid reviews on hundreds of IT Products from real users.
> > > > Discover which products truly live up to the hype. Start reading now.
> > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > > _______________________________________________
> > > > NFS maillist - [email protected]
> > > > https://lists.sourceforge.net/lists/listinfo/nfs
> > >
> > >
> >
> >
> > --
> > "Good Luck is when preparation meets opportunity"
> >
> >
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide
> > Read honest & candid reviews on hundreds of IT Products from real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > NFS maillist - [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nfs
>
>
--
"Good Luck is when preparation meets opportunity"
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Hi Suresh,
Sounds like you've made a bit of progress.
> Kevin,
>
> Thanks for the response.
> On Tue, 15 Feb 2005 08:47:18 -0500, Kevin Coffman <[email protected]> wrote:
>
> > Mount must be done by root. When a request comes up to rpc.gssd with
> > uid 0 to negotiate a gss context, it uses a "machine credential"
> > (nfs/<hostname>@REALM) as the client principal.
>
> I created service(nfs) principal for both client and server
> nfs/nfsclient.domain@REALM (extracted in client)
> nfs/nfsserver.domain@REALM (extracted in server)
> Is this correct?
Yes, this is correct.
> > Are you not doing the mount as root?
> Iam Mounting as root only.
>
> Also I created /var/lib/nfs/rpc_pipefs. I am running "rpc.gssd -m" and
> "rpc.idmapd"
> Now iam able to mount
> mount -osec=krb5 nfsserver:/exportedpath /mntpoint
> But When I do an "ls /mntpoint" it hangs
Is this still as root, or as a normal user? If as a normal user,
had you already done a kinit to get a Kerberos TGT?
> Also Iam getting the following in messages frequently
> Feb 16 19:49:27 nfstest kernel: RPC: AUTH_GSS upcall timed out.
> Feb 16 19:49:27 nfstest kernel: Please check user daemon is running!
>
> Any pointers ?
This means that rpc.gssd probably stopped, or is hung up and no
longer answering upcalls. Running rpc.gssd with option "-vvv"
may give more clues.
K.C.
> Thanks,
> Suresh
> > > > > Iam trying to setup kerberized NFS(v3) client for Linux.
> > > > >
> > > > > My setup details
> > > > > NFS client: Suse Linux Enterprise Server (SLES 9) which has
> > > > > kernel - 2.6.5-7.97 (CONFIG_SUNRPC=y, CONFIG_SUNRPC_GSS=y,
> > > > > CONFIG_RPCSEC_GSS_KRB5=y )
> > > > >
> > > > > nfs-utils-1.0.7 (patched - nfs-utils-1.0.7-CITI_NFS4_ALL-1.dif)
> > > > > util-linux-2.12 (patched - util-linux-2.12-CITI_NFS4_ALL-3.dif)
> > > > >
> > > > > KDC Server: RedHat Linux
> > > > > NFS Server: Kerberized Solaris server (KDC Server & NFS Server are
> > > > > Tested and working fine)
> > > > >
> > > > > To setup kerberized Linux Client, I presume a kernel with rpcsecgss
> > > > > support, patched nfs-utils pkg and patched util-linux pkg is
> > > > > sufficient. (Let me know any other pkg/configuration is required)
> > > > >
> > > > > My NFS Server export entry is:
> > > > > share -F nfs -o sec=krb5 /export/home
> > > > >
> > > > > Server has nfs principal registered to KDC and the user principal of
> > > > > client also registered to the Server.
> > > > > After doing a kinit if I try to mount the exported path, Iam getting
> > > > >
> > > > > "mount: nfsserver:/export/home failed, reason given by server:
> > > > > Permission denied"
> > > > > Then I specified the client name in the exports file make gave
> > > > > readonly perms. Then also I got the same error.
> > > > >
> > > > > Am I missing something ? Any pointers ..
> > > > >
> > > > > thanks,
> > > > > Suresh
> > > > >
> > > > >
> > > > > -------------------------------------------------------
> > > > > SF email is sponsored by - The IT Product Guide
> > > > > Read honest & candid reviews on hundreds of IT Products from real use
> rs.
> > > > > Discover which products truly live up to the hype. Start reading now.
> > > > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > > > _______________________________________________
> > > > > NFS maillist - [email protected]
> > > > > https://lists.sourceforge.net/lists/listinfo/nfs
> > > >
> > > >
> > >
> > >
> > > --
> > > "Good Luck is when preparation meets opportunity"
> > >
> > >
> > > -------------------------------------------------------
> > > SF email is sponsored by - The IT Product Guide
> > > Read honest & candid reviews on hundreds of IT Products from real users.
> > > Discover which products truly live up to the hype. Start reading now.
> > > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > > _______________________________________________
> > > NFS maillist - [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/nfs
> >
> >
>
>
> --
> "Good Luck is when preparation meets opportunity"
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs