problems with sec=krb5
Rohit Kumar Mehta
rohitm at engr.uconn.edu
Thu Mar 29 14:32:59 EDT 2007
It appears I made a *stupid* mistake in only exporting sec=sys on the
server!
Changing the export, now plain old nfs (3) mounts work correctly with
sec=krb5, but nfs4 mounts still get a "mount: permission denied" error.
I did see one interesting message on the server_log on the Celerra (we
get this warning for both nfs3 and nfs4 mounts):
2007-03-29 14:20:53: SECURITY: 4:
Access_GsscredDataBase::resolveAutomap: Warning: User
nfs/cselin12.engr.uconn.edu not in Unix user database.
Having access to all the features of nfs4 would be great, but our major
interest in nfs4 is just for security. It seems we can get that with
nfs3 + sec=krb5, so this is reason to be happy!!
We are running a pretty new nfs-utils now (1.0.12-4 comes with Ubuntu
Feisty). I guess I can struggle through installing 1.0.11 + patches from
the website and give that a shot.
Kevin Coffman wrote:
> This looks better on the client side.
>
> Did you update the server's nfs-utils as well? It may have a mapping
> problem. Newer nfs-utils will ignore the mapping problem and allow
> the mount to succeed (mapping the user to nobody).
>
> Otherwise, are there interesting messages on the server? (because the
> client seems happy)
>
> K.C.
>
More information about the NFSv4
mailing list