[Freeipa-users] FreeIpa Server + NFSv4 Kerberos mount problem.

Sun Oct 9 14:57:51 UTC 2016

Alan, thank you very much for your prompt answer, I didnt completely
understand your point.

So basically FreeNAS would be incompatible with FreeIPA? If that is the
case, my alternative would be to set up another NFS server?

Did you by any chance get this working before? The reason why I am asking
you this is just because I have followed so many guides already and I even
tried a separate Ubuntu NFS server which also didn't work.

If this approach of using FreeIPA + NFSv4 works is there any recommended
scenario that would lead to a working solution between them?

Thank you very much.
Arthur.

On Sat, Oct 8, 2016 at 6:05 PM Alan Latteri <alan at instinctualsoftware.com>
wrote:

> I think you problem is FreeNAS and not IPA itself.  In FreeNAS 10 they
> will have built in IPA functionality.
>
> On Oct 8, 2016, at 5:47 PM, Arthur Morales Sampaio <amostech at gmail.com>
> wrote:
>
> Good morning, my name is Arthur and I am working on the integration of
> FreeIPA and NFSv4 mounting for home directory sharing for authenticated
> users.
>
> This is the first time I am doing this so the problem could be simple.
> It's been already a week that I have been struggling with this and I don't
> know where else to ask for help. I have read pretty much everything that is
> to be read online regarding Freeipa integration.
>
> Here is my scenario:
> - FreeIPA server 4.2.0 - Centos7
> - FreeNAS (NFSv4 server) 10 - FreeBSD (bundled with FreeNAS)
> - Client Ubuntu 16.04. Installed IPA client using ipa-client-install and
> imported LDAP credentials. Kerberos login is working properly I can log
> into the machines using IPA users. But can't mount NFS4 using sec=krb5
> option.
>
> I have a functional FreeIPA server with Kerberos authentication working
> properly. But I can't get NFSv4 authenticated to work in freeipa-clients.
>
> Following is the error that I am getting:
>
>
>
> I know that this might not be enough detail for me to get help for this
> problem. But the thing is that I don't know how to enable a more verbosity
> functionality for this.
>
> The desired behavior would be to create mounts for home directories of
> users and enable kerberos security to mount them. Meaning that I need only
> the owners to be able to mount them.
>
> This is something that is very confusing for me. Wouldn't I be required to
> somehow pass to the mount command the username or any credentials of the
> kerberos user just so the NFS server would know *WHO* is trying to mount
> the directory?
>
> I really exhausted my resources in trying to fix this issue.
>
> Does FreeIPA work with NFSv4?
>
> I sincerely appreciate your help on this one.
>
> Best regards,
> Arthur
>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161009/88ed58e6/attachment.htm>