From: "Kevin Coffman" <kwc@citi.umich.edu>
Subject: Re: Kerberized NFS v2/v3
Date: Fri, 24 Mar 2006 15:04:04 -0500
Message-ID: <4d569c330603241204y7e6fc2baq144a6bf3d26b92ac@mail.gmail.com>
References: <ea2ed4af0603240243n220f1a20o62bfb9910ebf1698@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Cc: nfs@lists.sourceforge.net
To: parinay <parinay@gmail.com>
In-Reply-To: <ea2ed4af0603240243n220f1a20o62bfb9910ebf1698@mail.gmail.com>
Sender: nfs-admin@lists.sourceforge.net
Errors-To: nfs-admin@lists.sourceforge.net

See comments inline below.

On 3/24/06, parinay <parinay@gmail.com> wrote:
> Hi,
> While trying to mount an export with '-sec=3Dkrb5', on linux client, I
> am getting this error,
> "mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported"
> I am trying to get into 'What kerberos is all about?'.But any help on set=
ting up
> a kerberised NFS v2/v3 client would be helpful.
> My prime questions are,
>             1. Where can I get the information about generating /etc/krb5=
.keytab
>                  My scenario is , I am using Microsoft Active Directory K=
DC

See section "Using Active Directory as your KDC for NFS" here
http://nfsworld.blogspot.com/

>             2. The patches for bugs,in RH bugzilla's 142464 and 146703.
>                 Where can I get the patches for my kernel/distro ?
>                 Can I get a individual patchs instead of a source RPM ?
>
> Steps I have followed so far:
> 1.add new file /etc/sysconfig/nfs containing "SECURE_NFS=3Dyes"
> 2.edit /etc/init.d/rpcgssd
>   added,"/sbin/modprobe rpcsec_gss_krb5"

You'll also need to modload sunrpc since that is built as a module also.

> 4.use "authconfig" to update /etc/krb5.conf and /etc/pam.d/system-auth
>
> My NFS client details:
> Distro: Fedora core 3
> Kernel:2.6.15-6
> .config
> # Network File Systems
> #
> CONFIG_NFS_FS=3Dm
> CONFIG_NFS_V3=3Dy
> CONFIG_NFS_V3_ACL=3Dy
> CONFIG_NFS_V4=3Dy
> CONFIG_NFS_DIRECTIO=3Dy
> CONFIG_NFSD=3Dm
> CONFIG_NFSD_V2_ACL=3Dy
> CONFIG_NFSD_V3=3Dy
> CONFIG_NFSD_V3_ACL=3Dy
> CONFIG_NFSD_V4=3Dy
> CONFIG_NFSD_TCP=3Dy
> CONFIG_LOCKD=3Dm
> CONFIG_LOCKD_V4=3Dy
> CONFIG_EXPORTFS=3Dm
> CONFIG_NFS_ACL_SUPPORT=3Dm
> CONFIG_NFS_COMMON=3Dy
> CONFIG_SUNRPC=3Dm
> CONFIG_SUNRPC_GSS=3Dm
> CONFIG_RPCSEC_GSS_KRB5=3Dm
> CONFIG_RPCSEC_GSS_SPKM3=3Dm
> Krb packages on machine:
> [root@akam ~]# rpm -qa | grep -i krb
> krb5-auth-dialog-0.2-1
> krb5-server-1.3.4-7
> krbafs-utils-1.2.2-6
> pam_krb5-2.1.2-1
> krb5-workstation-1.3.4-7
> krb5-devel-1.3.4-7
> krb5-libs-1.3.4-7
> krbafs-1.2.2-6
> krbafs-devel-1.2.2-6
> nfs-utils on machine
> nfs-utils-1.0.6-39
> system-config-nfs-1.2.8-1
> Command executed.
> mount  10.55.60.142:/vol/fornfs /mnt/nfs1
> Result:
> mount: 10.55.60.142:/vol/fornfs failed, security flavor not supported
>
> Sorry for the length of the mail.
> thanks & regards,
> parinay
>
> --
> easy is right
> begin right and you're easy
> continue easy and you're right
> the right way to go easy is to forget the right way
> and forget that the going is easy....
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting langua=
ge
> that extends applications into web and mobile media. Attend the live webc=
ast
> and join the prime developer group breaking into this new coding territor=
y!
> http://sel.as-us.falkag.net/sel?cmdlnk&kid=110944&bid$1720&dat=121642
> _______________________________________________
> NFS maillist  -  NFS@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nfs
>
>


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs