Hi,
While trying to mount an export with '-sec=3Dkrb5', on linux client, I
am getting this error,
"mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported"
I am trying to get into 'What kerberos is all about?'.But any help on setti=
ng up
a kerberised NFS v2/v3 client would be helpful.
My prime questions are,
1. Where can I get the information about generating /etc/krb5.k=
eytab
My scenario is , I am using Microsoft Active Directory KDC=
.
2. The patches for bugs,in RH bugzilla's 142464 and 146703.
Where can I get the patches for my kernel/distro ?
Can I get a individual patchs instead of a source RPM ?
Steps I have followed so far:
1.add new file /etc/sysconfig/nfs containing "SECURE_NFS=3Dyes"
2.edit /etc/init.d/rpcgssd
added,"/sbin/modprobe rpcsec_gss_krb5"
4.use "authconfig" to update /etc/krb5.conf and /etc/pam.d/system-auth
My NFS client details:
Distro: Fedora core 3
Kernel:2.6.15-6
.config
# Network File Systems
#
CONFIG_NFS_FS=3Dm
CONFIG_NFS_V3=3Dy
CONFIG_NFS_V3_ACL=3Dy
CONFIG_NFS_V4=3Dy
CONFIG_NFS_DIRECTIO=3Dy
CONFIG_NFSD=3Dm
CONFIG_NFSD_V2_ACL=3Dy
CONFIG_NFSD_V3=3Dy
CONFIG_NFSD_V3_ACL=3Dy
CONFIG_NFSD_V4=3Dy
CONFIG_NFSD_TCP=3Dy
CONFIG_LOCKD=3Dm
CONFIG_LOCKD_V4=3Dy
CONFIG_EXPORTFS=3Dm
CONFIG_NFS_ACL_SUPPORT=3Dm
CONFIG_NFS_COMMON=3Dy
CONFIG_SUNRPC=3Dm
CONFIG_SUNRPC_GSS=3Dm
CONFIG_RPCSEC_GSS_KRB5=3Dm
CONFIG_RPCSEC_GSS_SPKM3=3Dm
Krb packages on machine:
[root@akam ~]# rpm -qa | grep -i krb
krb5-auth-dialog-0.2-1
krb5-server-1.3.4-7
krbafs-utils-1.2.2-6
pam_krb5-2.1.2-1
krb5-workstation-1.3.4-7
krb5-devel-1.3.4-7
krb5-libs-1.3.4-7
krbafs-1.2.2-6
krbafs-devel-1.2.2-6
nfs-utils on machine
nfs-utils-1.0.6-39
system-config-nfs-1.2.8-1
Command executed.
mount 10.55.60.142:/vol/fornfs /mnt/nfs1
Result:
mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported
Sorry for the length of the mail.
thanks & regards,
parinay
--
easy is right
begin right and you're easy
continue easy and you're right
the right way to go easy is to forget the right way
and forget that the going is easy....
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
See comments inline below.
On 3/24/06, parinay <[email protected]> wrote:
> Hi,
> While trying to mount an export with '-sec=3Dkrb5', on linux client, I
> am getting this error,
> "mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported"
> I am trying to get into 'What kerberos is all about?'.But any help on set=
ting up
> a kerberised NFS v2/v3 client would be helpful.
> My prime questions are,
> 1. Where can I get the information about generating /etc/krb5=
.keytab
> My scenario is , I am using Microsoft Active Directory K=
DC
See section "Using Active Directory as your KDC for NFS" here
http://nfsworld.blogspot.com/
> 2. The patches for bugs,in RH bugzilla's 142464 and 146703.
> Where can I get the patches for my kernel/distro ?
> Can I get a individual patchs instead of a source RPM ?
>
> Steps I have followed so far:
> 1.add new file /etc/sysconfig/nfs containing "SECURE_NFS=3Dyes"
> 2.edit /etc/init.d/rpcgssd
> added,"/sbin/modprobe rpcsec_gss_krb5"
You'll also need to modload sunrpc since that is built as a module also.
> 4.use "authconfig" to update /etc/krb5.conf and /etc/pam.d/system-auth
>
> My NFS client details:
> Distro: Fedora core 3
> Kernel:2.6.15-6
> .config
> # Network File Systems
> #
> CONFIG_NFS_FS=3Dm
> CONFIG_NFS_V3=3Dy
> CONFIG_NFS_V3_ACL=3Dy
> CONFIG_NFS_V4=3Dy
> CONFIG_NFS_DIRECTIO=3Dy
> CONFIG_NFSD=3Dm
> CONFIG_NFSD_V2_ACL=3Dy
> CONFIG_NFSD_V3=3Dy
> CONFIG_NFSD_V3_ACL=3Dy
> CONFIG_NFSD_V4=3Dy
> CONFIG_NFSD_TCP=3Dy
> CONFIG_LOCKD=3Dm
> CONFIG_LOCKD_V4=3Dy
> CONFIG_EXPORTFS=3Dm
> CONFIG_NFS_ACL_SUPPORT=3Dm
> CONFIG_NFS_COMMON=3Dy
> CONFIG_SUNRPC=3Dm
> CONFIG_SUNRPC_GSS=3Dm
> CONFIG_RPCSEC_GSS_KRB5=3Dm
> CONFIG_RPCSEC_GSS_SPKM3=3Dm
> Krb packages on machine:
> [root@akam ~]# rpm -qa | grep -i krb
> krb5-auth-dialog-0.2-1
> krb5-server-1.3.4-7
> krbafs-utils-1.2.2-6
> pam_krb5-2.1.2-1
> krb5-workstation-1.3.4-7
> krb5-devel-1.3.4-7
> krb5-libs-1.3.4-7
> krbafs-1.2.2-6
> krbafs-devel-1.2.2-6
> nfs-utils on machine
> nfs-utils-1.0.6-39
> system-config-nfs-1.2.8-1
> Command executed.
> mount 10.55.60.142:/vol/fornfs /mnt/nfs1
> Result:
> mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported
>
> Sorry for the length of the mail.
> thanks & regards,
> parinay
>
> --
> easy is right
> begin right and you're easy
> continue easy and you're right
> the right way to go easy is to forget the right way
> and forget that the going is easy....
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting langua=
ge
> that extends applications into web and mobile media. Attend the live webc=
ast
> and join the prime developer group breaking into this new coding territor=
y!
> http://sel.as-us.falkag.net/sel?cmdlnk&kid=110944&bid$1720&dat=121642
> _______________________________________________
> NFS maillist - [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfs
>
>
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Thanks a lot.
parinay
On 3/25/06, Kevin Coffman <[email protected]> wrote:
> See comments inline below.
>
> On 3/24/06, parinay <[email protected]> wrote:
> > Hi,
> > While trying to mount an export with '-sec=3Dkrb5', on linux client, I
> > am getting this error,
> > "mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported"
> > I am trying to get into 'What kerberos is all about?'.But any help on s=
etting up
> > a kerberised NFS v2/v3 client would be helpful.
> > My prime questions are,
> > 1. Where can I get the information about generating /etc/kr=
b5.keytab
> > My scenario is , I am using Microsoft Active Directory=
KDC
>
> See section "Using Active Directory as your KDC for NFS" here
> http://nfsworld.blogspot.com/
>
> > 2. The patches for bugs,in RH bugzilla's 142464 and 146703.
> > Where can I get the patches for my kernel/distro ?
> > Can I get a individual patchs instead of a source RPM ?
> >
> > Steps I have followed so far:
> > 1.add new file /etc/sysconfig/nfs containing "SECURE_NFS=3Dyes"
> > 2.edit /etc/init.d/rpcgssd
> > added,"/sbin/modprobe rpcsec_gss_krb5"
>
> You'll also need to modload sunrpc since that is built as a module also.
>
> > 4.use "authconfig" to update /etc/krb5.conf and /etc/pam.d/system-auth
> >
> > My NFS client details:
> > Distro: Fedora core 3
> > Kernel:2.6.15-6
> > .config
> > # Network File Systems
> > #
> > CONFIG_NFS_FS=3Dm
> > CONFIG_NFS_V3=3Dy
> > CONFIG_NFS_V3_ACL=3Dy
> > CONFIG_NFS_V4=3Dy
> > CONFIG_NFS_DIRECTIO=3Dy
> > CONFIG_NFSD=3Dm
> > CONFIG_NFSD_V2_ACL=3Dy
> > CONFIG_NFSD_V3=3Dy
> > CONFIG_NFSD_V3_ACL=3Dy
> > CONFIG_NFSD_V4=3Dy
> > CONFIG_NFSD_TCP=3Dy
> > CONFIG_LOCKD=3Dm
> > CONFIG_LOCKD_V4=3Dy
> > CONFIG_EXPORTFS=3Dm
> > CONFIG_NFS_ACL_SUPPORT=3Dm
> > CONFIG_NFS_COMMON=3Dy
> > CONFIG_SUNRPC=3Dm
> > CONFIG_SUNRPC_GSS=3Dm
> > CONFIG_RPCSEC_GSS_KRB5=3Dm
> > CONFIG_RPCSEC_GSS_SPKM3=3Dm
> > Krb packages on machine:
> > [root@akam ~]# rpm -qa | grep -i krb
> > krb5-auth-dialog-0.2-1
> > krb5-server-1.3.4-7
> > krbafs-utils-1.2.2-6
> > pam_krb5-2.1.2-1
> > krb5-workstation-1.3.4-7
> > krb5-devel-1.3.4-7
> > krb5-libs-1.3.4-7
> > krbafs-1.2.2-6
> > krbafs-devel-1.2.2-6
> > nfs-utils on machine
> > nfs-utils-1.0.6-39
> > system-config-nfs-1.2.8-1
> > Command executed.
> > mount 10.55.60.142:/vol/fornfs /mnt/nfs1
> > Result:
> > mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported
> >
> > Sorry for the length of the mail.
> > thanks & regards,
> > parinay
> >
> > --
> > easy is right
> > begin right and you're easy
> > continue easy and you're right
> > the right way to go easy is to forget the right way
> > and forget that the going is easy....
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by xPML, a groundbreaking scripting lang=
uage
> > that extends applications into web and mobile media. Attend the live we=
bcast
> > and join the prime developer group breaking into this new coding territ=
ory!
> > http://sel.as-us.falkag.net/sel?cmdlnk&kid=110944&bid$1720&dat=121642
> > _______________________________________________
> > NFS maillist - [email protected]
> > https://lists.sourceforge.net/lists/listinfo/nfs
> >
> >
>
--
easy is right
begin right and you're easy
continue easy and you're right
the right way to go easy is to forget the right way
and forget that the going is easy....
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs