problems with sec=krb5
Kevin Coffman
kwc at citi.umich.edu
Thu Mar 29 14:44:41 EDT 2007
On 3/29/07, Rohit Kumar Mehta <rohitm at engr.uconn.edu> wrote:
> It appears I made a *stupid* mistake in only exporting sec=sys on the
> server!
>
> Changing the export, now plain old nfs (3) mounts work correctly with
> sec=krb5, but nfs4 mounts still get a "mount: permission denied" error.
>
> I did see one interesting message on the server_log on the Celerra (we
> get this warning for both nfs3 and nfs4 mounts):
> 2007-03-29 14:20:53: SECURITY: 4:
> Access_GsscredDataBase::resolveAutomap: Warning: User
> nfs/cselin12.engr.uconn.edu not in Unix user database.
This appears to be from the attempt by svcgssd to map the client's
authenticated name (nfs/cselin12.engr.uconn.edu) into uid/gid to pass
down the kernel. With your level of nfs-utils, the user should be
mapped to nobody if no mapping is found. The output from "svcgssd
-vvv" and/or a network trace should tell us why the v4 mount still
fails.
K.C.
More information about the NFSv4
mailing list