LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Error when mounting nfs -- mount: Permission denied / rpc.gssd ERROR: No credential
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 04-14-2015, 06:51 AM   #1
intmail01
Member
 
Registered: May 2013
Posts: 91

Rep: Reputation: Disabled
Error when mounting nfs -- mount: Permission denied / rpc.gssd ERROR: No credential

Hello,

After weeks to try to instal nfs file system I have problem to access the server because it deny when I try to mount.
According to /var/log/syslog the problem appears in rpc.gssd
I did several kinit to get different ticket but it seems not solve the problems and by the way I want to know which ticket should I get exactly for mounting ??
Also, something very strange when I do kinit the password seems incorrect and this bring me to enter it again on the server by using kadmin.local.

** Permission denied on the client:
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "server.darkstar.net:/partage/data"
mount: node: "/mnt/nfs"
mount: types: "nfs"
mount: opts: "vers=4,sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs"
mount: external mount: argv[1] = "server.darkstar.net:/partage/data"
mount: external mount: argv[2] = "/mnt/nfs"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,vers=4,sec=krb5"
mount.nfs: timeout set for Sun Apr 12 23:27:41 2015
mount.nfs: trying text-based options 'vers=4,sec=krb5,addr=10.0.0.2,clientaddr=10.0.0.3'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting server.darkstar.net:/partage/data


** Mount command on the client:
mount -vvv -t nfs -o vers=4,sec=krb5 server.darkstar.net:/partage/data /mnt/nfs


** Configuration file on the server for exportfs:
/partage gss/krb5(rw,nohide,sync,fsid=0,no_root_squash,no_subtree_check,insecure,crossmnt)
/partage/data gss/krb5(rw,sync,nohide,no_subtree_check,no_root_squash)
note: /data is mounted and bound to /partage

** On the client the file /var/log/syslog contains this:
Apr 12 23:06:43 darkstar rpc.idmapd[427]: New client: 6
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Opened /var/lib/nfs/rpc_pipefs//nfs/clnt6/idmap
Apr 12 23:06:43 darkstar rpc.gssd[808]: ERROR: No credentials found for connection to server server.darkstar.net
Apr 12 23:06:43 darkstar rpc.gssd[809]: ERROR: No credentials found for connection to server server.darkstar.net
Apr 12 23:06:43 darkstar rpc.idmapd[427]: New client: 7
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Stale client: 6
Apr 12 23:06:43 darkstar rpc.idmapd[427]: ^I-> closed /var/lib/nfs/rpc_pipefs//nfs/clnt6/idmap
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Stale client: 7
Apr 12 23:06:43 darkstar rpc.idmapd[427]: ^I-> closed /var/lib/nfs/rpc_pipefs//nfs/clnt7/idmap
Apr 12 23:06:45 darkstar kernel: 00 00 00 00 00 00

** This is how do I run daemons:
#Client side:
if [ ! -a /var/lib/nfs/rpc_pipefs ]; then
{
sudo /bin/mkdir -p /var/lib/nfs/rpc_pipefs
}
fi
sudo /sbin/mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
sudo /sbin/rpc.portmap
sudo /usr/sbin/sm-notify
sudo /usr/sbin/rpc.idmapd
sudo /usr/sbin/rpc.gssd
sudo /usr/sbin/rpc.statd

#Server side:
sudo /sbin/mount -t nfsd nfsd /proc/fs/nfs

if [ ! -a /var/lib/nfs/rpc_pipefs ]; then
{
sudo /bin/mkdir -p /var/lib/nfs/rpc_pipefs
}
fi
sudo /sbin/mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
sudo /sbin/rpc.portmap
sudo /usr/sbin/rpc.idmapd
sudo /usr/sbin/rpc.gssd
sudo /usr/sbin/exportfs -av
sudo /usr/sbin/rpc.mountd
sudo /usr/sbin/rpc.statd
sudo /usr/sbin/rpc.nfsd
sudo /usr/sbin/sm-notify


** On both system, /etc/hosts contains:
127.0.0.1 localhost
127.0.0.1 server.darkstar.net # for server only, not on the client
10.0.0.2 server.darkstar.net
10.0.0.3 client.darkstar.net

** /etc/idmap.conf on server
[GENERAL]
Verbosity = 1
Domain = darkstar.net
Local-Realms = DARKSTAR

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

** /etc/kdc.conf on server:
[kdcdefaults]
kdc_ports = 88,750

[realms]
DARKSTAR = {
kadmind_port = 749
max_life = 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = aes256-cts
supported_enctypes = aes256-cts:normal aes128-cts:normal
# If the default location does not suit your setup,
# explicitly configure the following values:
# database_name = /var/krb5kdc/principal
# key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU
acl_file = /var/krb5kdc/kadm5.acl
}

[logging]
# By default, the KDC and kadmind will log output using
# syslog. You can instead send log output to files like this:
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

** /etc/krb5.conf
[libdefaults]
default_realm = DARKSTAR

[realms]
DARKSTAR = {
kdc = server.darkstar.net
kdc = server.darkstar.net
admin_server = server.darkstar.net
}

[domain_realm]
.server.darkstar.net = DARKSTAR
.client.darkstar.net = DARKSTAR
server.darkstar.net = DARKSTAR
client.darkstar.net = DARKSTAR

** result of the command "klist -ke" on the client
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 host/client.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 host/client.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 host/client.darkstar.net@DARKSTAR (arcfour-hmac)
2 host/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 host/server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 host/server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 host/server.darkstar.net@DARKSTAR (arcfour-hmac)
2 nfs/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 nfs/client.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 nfs/client.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 nfs/client.darkstar.net@DARKSTAR (arcfour-hmac)
2 nfs/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 nfs/server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 nfs/server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 nfs/server.darkstar.net@DARKSTAR (arcfour-hmac)
6 admin/admin@DARKSTAR (aes256-cts-hmac-sha1-96)
6 admin/admin@DARKSTAR (aes128-cts-hmac-sha1-96)
6 admin/admin@DARKSTAR (des3-cbc-sha1)
6 admin/admin@DARKSTAR (arcfour-hmac)
2 server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 server.darkstar.net@DARKSTAR (arcfour-hmac)
 
Old 04-20-2015, 03:17 AM   #2
intmail01
Member
 
Registered: May 2013
Posts: 91

Original Poster
Rep: Reputation: Disabled
problem not solved yet. One daemon is missing on the server: rpc.svcgssd
I installed it but no change.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Looked everywhere, NFS mount gives me a permission denied error. [Fedora 19] dhvl2712 Linux - Networking 3 08-10-2013 03:55 PM
remote mount of nfs gives permission denied error - FUSE file sytem, bob.keslin@oracle.com Linux - Newbie 1 04-06-2011 04:50 PM
Unable to NFS mount .ERROR (mount: RPC: Remote system error - Connection timed) pabba Linux - Networking 3 05-06-2010 12:09 PM
Help with mounting samba share: smbmount or mount.cifs error: permission denied wdli Linux - Server 1 08-11-2009 11:31 PM
Permission Denied Error Message when trying to mount an NFS share kaplan71 Fedora 1 02-14-2009 07:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:12 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration