[Freeipa-users] insecure IPA'd NFS
Chris Evich
cevich at redhat.com
Thu May 10 13:37:02 UTC 2012
On 05/09/2012 08:47 PM, Steven Jones wrote:
> Removed the sys: and now no IPA'd client can mount.....oh joy....
Hehe, this is typical (and frustrating) for fresh NFS+Kerberos setups.
it's very easy to miss a little detail and not get much back as to why
it's not working. I'd suggest going through the setup step-by-step
again to see what's missing.
Does both client and server have valid nfs/<fqdn>@DOMAIN keys in
/etc/krb5.keytab?
Is /etc/krb5.keytab accessible (i.e. no SELinux problems)?
Is port 2049 open on firewall?
What's the state of rpc.svcgssd process on server and rpc.gssd process
on client?
Can you manually mount the export on the server?
What shows in krb5kdc.log when trying to manually mount on client?
If none of those localize the problem area further, you can go down the
road of bumping the rpc debug levels on both sides to see where the
issue is.
Hope that helps.
More information about the Freeipa-users
mailing list