[Freeipa-users] NFS4 after client upgrade to Fedora 13
Rob Crittenden
rcritten at redhat.com
Thu May 27 13:09:16 UTC 2010
Thomas Sailer wrote:
> Hi,
>
> After upgrading one IPA client from Fedora12 to Fedora13 (the server
> runs Fedora12), I'm experiencing NFS4 problems.
>
> I can still mount the server from the client like this:
> mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192,rw,sec=krb5p server.xxx.com:/home /tmp/z
> root can then successfully list subdirectories with ls /tmp/z. However,
> when a normal user tries to do this, he gets -EACCES.
>
> Permissions of /tmp/z should be ok:
>
> # ls -ldZ /tmp/z
> drwxr-xr-x. root root system_u:object_r:nfs_t:s0 /tmp/z
>
> # getfacl /tmp/z
> getfacl: Removing leading '/' from absolute path names
> # file: tmp/z
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
>
> # nfs4_getfacl /tmp/z
> A::OWNER@:rwaDxtTcCy
> A::GROUP@:rxtcy
> A::EVERYONE@:rxtcy
>
> It worked under Fedora 12. Does anybody have an idea what went wrong?
>
I assume the keytab is still valid since the mount succeeds and root
works. Kerberos otherwise works ok on this machine, you can kinit, etc?
You might want to check the kdc log on and the 389-ds log, you might see
some querying to find the user for authentication.
Do things like 'getent passwd <someuser>' still work?
rob
More information about the Freeipa-users
mailing list