I am attempting to Kerberize an NFS server on a RHEL6 machine, but I cannot get it quite right. The error message I receive when executing the following command (as myself, not as root) is:
Code:
# sudo mount -t nfs4 -o sec=krb5 server.foo.com:/home /mnt
mount.nfs4: access denied by server while mounting server.foo.com:/home
I have a keytab generated from the KDC for both NFS server and NFS client (both RHEL6 hosts) placed in /etc, and I have configured PAM/Kerberos so I can log in via SSH and see I have a valid ticket with klist.
I can log in to both NFS server and NFS client via SSH and get a ticket, but I don't know where the problematic NFS permissions reside.
The /etc/exports file on the NFS server looks like:
Code:
/home gss/krb5(rw,sync,fsid=0,no_subtree_check)
I have disabled iptables on both client and server, and hosts.allow and hosts.deny are not blocking traffic at the moment. On the NFS server, here is the output of rpcinfo -p:
Code:
# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 53322 status
100024 1 tcp 47227 status
100011 1 udp 875 rquotad
100011 2 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 tcp 875 rquotad
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 2 tcp 2049 nfs_acl
100227 3 tcp 2049 nfs_acl
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100227 2 udp 2049 nfs_acl
100227 3 udp 2049 nfs_acl
100021 1 udp 41162 nlockmgr
100021 3 udp 41162 nlockmgr
100021 4 udp 41162 nlockmgr
100021 1 tcp 39794 nlockmgr
100021 3 tcp 39794 nlockmgr
100021 4 tcp 39794 nlockmgr
100005 1 udp 55891 mountd
100005 1 tcp 35686 mountd
100005 2 udp 55891 mountd
100005 2 tcp 35686 mountd
100005 3 udp 55891 mountd
100005 3 tcp 35686 mountd
On the NFS client, here is the output of that same command:
Code:
# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 47549 status
100024 1 tcp 34696 status