[Freeipa-users] Kerberized NFS with Synology NAS
Roberto Cornacchia
roberto.cornacchia at gmail.com
Wed Aug 12 00:46:16 UTC 2015
Hi,
I am trying to use a Synology NAS station in my FreeIPA domain to host
automounted home directories (not created automatically for now).
I got almost everything working, but I seem to have a problem with
kerberized nfs.
The NAS logs in the LDAP domain and seems happy with the kerberos principal
that I uploaded.
* If I use plain nfs4 without krb5
- /etc/exports -
/volume1/shared_homes
192.168.0.0/24(rw,async,no_wdelay,all_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
then I can mount it and use it (it even works with automount). But only
using all_squash. Not useful:
* If I use krb5
- /etc/exports -
/volume1/shared_homes
192.168.0.0/24(rw,async,no_wdelay,no_root_squash,insecure_locks,sec=krb5,anonuid=1025,anongid=100)
then I can kinit with an LDAP user, mount it with sec=krb5, but I get
"nobody" as file owner.
This is done from a FC22 client, perfectly enrolled in freeIPA.
The client's log contains several of such errors:
gssproxy[807]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.
Minor code may provide more information, No credentials cache found
Any tip to help me understand what the problem is?
Roberto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150812/d3373b21/attachment.htm>
More information about the Freeipa-users
mailing list