Error when mounting nfs -- mount: Permission denied / rpc.gssd ERROR: No credential
Hello,
After weeks of trying to install an NFS file system, I have a problem accessing the server because it denies access when I try to mount.
According to /var/log/syslog, the problem appears in rpc.gssd.
I ran kinit several times to get different tickets, but it does not seem to solve the problem. By the way, I want to know exactly which ticket I should get for mounting.
Also, something very strange: when I do kinit, the password seems incorrect, and this leads me to enter it again on the server using kadmin.local.
** Permission denied on the client:
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "server.darkstar.net:/partage/data"
mount: node: "/mnt/nfs"
mount: types: "nfs"
mount: opts: "vers=4,sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs"
mount: external mount: argv[1] = "server.darkstar.net:/partage/data"
mount: external mount: argv[2] = "/mnt/nfs"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,vers=4,sec=krb5"
mount.nfs: timeout set for Sun Apr 12 23:27:41 2015
mount.nfs: trying text-based options 'vers=4,sec=krb5,addr=10.0.0.2,clientaddr=10.0.0.3'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting server.darkstar.net:/partage/data
** Mount command on the client:
mount -vvv -t nfs -o vers=4,sec=krb5 server.darkstar.net:/partage/data /mnt/nfs
** Configuration file on the server for exportfs:
/partage gss/krb5(rw,nohide,sync,fsid=0,no_root_squash,no_subtree_check,insecure,crossmnt)
/partage/data gss/krb5(rw,sync,nohide,no_subtree_check,no_root_squash)
note: /data is mounted and bound to /partage
** On the client the file /var/log/syslog contains this:
Apr 12 23:06:43 darkstar rpc.idmapd[427]: New client: 6
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Opened /var/lib/nfs/rpc_pipefs//nfs/clnt6/idmap
Apr 12 23:06:43 darkstar rpc.gssd[808]: ERROR: No credentials found for connection to server server.darkstar.net
Apr 12 23:06:43 darkstar rpc.gssd[809]: ERROR: No credentials found for connection to server server.darkstar.net
Apr 12 23:06:43 darkstar rpc.idmapd[427]: New client: 7
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Stale client: 6
Apr 12 23:06:43 darkstar rpc.idmapd[427]: ^I-> closed /var/lib/nfs/rpc_pipefs//nfs/clnt6/idmap
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Stale client: 7
Apr 12 23:06:43 darkstar rpc.idmapd[427]: ^I-> closed /var/lib/nfs/rpc_pipefs//nfs/clnt7/idmap
Apr 12 23:06:45 darkstar kernel: 00 00 00 00 00 00
** This is how I run the daemons:
#Client side:
# Create the rpc_pipefs mount point only if the directory does not exist yet
if [ ! -d /var/lib/nfs/rpc_pipefs ]; then
{
sudo /bin/mkdir -p /var/lib/nfs/rpc_pipefs
}
fi
sudo /sbin/mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
sudo /sbin/rpc.portmap
sudo /usr/sbin/sm-notify
sudo /usr/sbin/rpc.idmapd
sudo /usr/sbin/rpc.gssd
sudo /usr/sbin/rpc.statd
#Server side:
sudo /sbin/mount -t nfsd nfsd /proc/fs/nfs
# Create the rpc_pipefs mount point only if the directory does not exist yet
if [ ! -d /var/lib/nfs/rpc_pipefs ]; then
{
sudo /bin/mkdir -p /var/lib/nfs/rpc_pipefs
}
fi
sudo /sbin/mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
sudo /sbin/rpc.portmap
sudo /usr/sbin/rpc.idmapd
sudo /usr/sbin/rpc.gssd
sudo /usr/sbin/exportfs -av
sudo /usr/sbin/rpc.mountd
sudo /usr/sbin/rpc.statd
sudo /usr/sbin/rpc.nfsd
sudo /usr/sbin/sm-notify
** On both systems, /etc/hosts contains:
127.0.0.1 localhost
127.0.0.1 server.darkstar.net # for server only, not on the client
10.0.0.2 server.darkstar.net
10.0.0.3 client.darkstar.net
** /etc/idmap.conf on server
[GENERAL]
Verbosity = 1
Domain = darkstar.net
Local-Realms = DARKSTAR
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
** /etc/kdc.conf on server:
[kdcdefaults]
kdc_ports = 88,750
[realms]
DARKSTAR = {
kadmind_port = 749
max_life = 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = aes256-cts
supported_enctypes = aes256-cts:normal aes128-cts:normal
# If the default location does not suit your setup,
# explicitly configure the following values:
# database_name = /var/krb5kdc/principal
# key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU
acl_file = /var/krb5kdc/kadm5.acl
}
[logging]
# By default, the KDC and kadmind will log output using
# syslog. You can instead send log output to files like this:
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
** /etc/krb5.conf
[libdefaults]
default_realm = DARKSTAR
[realms]
DARKSTAR = {
kdc = server.darkstar.net
kdc = server.darkstar.net
admin_server = server.darkstar.net
}
[domain_realm]
.server.darkstar.net = DARKSTAR
.client.darkstar.net = DARKSTAR
server.darkstar.net = DARKSTAR
client.darkstar.net = DARKSTAR
** result of the command "klist -ke" on the client
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 host/client.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 host/client.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 host/client.darkstar.net@DARKSTAR (arcfour-hmac)
2 host/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 host/server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 host/server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 host/server.darkstar.net@DARKSTAR (arcfour-hmac)
2 nfs/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 nfs/client.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 nfs/client.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 nfs/client.darkstar.net@DARKSTAR (arcfour-hmac)
2 nfs/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 nfs/server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 nfs/server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 nfs/server.darkstar.net@DARKSTAR (arcfour-hmac)
6 admin/admin@DARKSTAR (aes256-cts-hmac-sha1-96)
6 admin/admin@DARKSTAR (aes128-cts-hmac-sha1-96)
6 admin/admin@DARKSTAR (des3-cbc-sha1)
6 admin/admin@DARKSTAR (arcfour-hmac)
2 server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 server.darkstar.net@DARKSTAR (arcfour-hmac)
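
An added example, not part of the original post: a Python check over `klist -ke` output like the listing above, reporting which keytab principal rpc.gssd would pick as the machine credential for a root mount, which entries belong to other principals, and which entries use deprecated encryption types. The root/, nfs/, host/ search order is the one documented in rpc.gssd(8) (the Active Directory `<HOSTNAME>$` form is left out); the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the `klist -ke` output quoted in the post.
SAMPLE_KLIST = """\
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------
   2 host/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
   2 host/client.darkstar.net@DARKSTAR (arcfour-hmac)
   2 host/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
   2 nfs/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
   2 nfs/client.darkstar.net@DARKSTAR (des3-cbc-sha1)
   2 nfs/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
   6 admin/admin@DARKSTAR (aes256-cts-hmac-sha1-96)
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)@(\S+)\s+\(([^)]+)\)\s*$")
SERVICES = ("root", "nfs", "host")   # search order documented in rpc.gssd(8)
WEAK = {"des-cbc-crc", "des-cbc-md5", "des3-cbc-sha1", "arcfour-hmac"}

def parse_klist(text):
    """Return (kvno, name, realm, enctype) tuples; header lines are skipped."""
    return [(int(m[1]), m[2], m[3], m[4])
            for m in map(ENTRY.match, text.splitlines()) if m]

def machine_credential(entries, fqdn, realm):
    """Pick the principal a root mount would use: exact host first, then any."""
    names = [n for _, n, r, _ in entries if r == realm]
    for svc in SERVICES:
        if f"{svc}/{fqdn}" in names:
            return f"{svc}/{fqdn}", "exact"
    for svc in SERVICES:
        for n in names:
            if n.startswith(svc + "/"):
                return n, "fallback"
    return None, "none"

def audit(text, fqdn, realm):
    entries = parse_klist(text)
    own = {f"{svc}/{fqdn}" for svc in SERVICES}
    return {
        "credential": machine_credential(entries, fqdn, realm),
        # Keys for other hosts or for admin accounts do not belong on a client.
        "foreign": sorted({n for _, n, _, _ in entries} - own),
        # Deprecated enctypes (RFC 8429 for 3DES and RC4) still in the keytab.
        "weak": sorted({(n, e) for _, n, _, e in entries if e in WEAK}),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_KLIST, "client.darkstar.net", "DARKSTAR"))
```

Pass the name the client resolves for itself as `fqdn`; a "fallback" or "none" result means the keytab has no root/, nfs/ or host/ entry for that exact name.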