Unable to mount NFS shared file with Kerberos
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Unable to mount NFS shared file with Kerberos
If so, be advised that instead of copying the "p12" certificate, you need the pem certificate that is located at "/etc/pki/tls/cert.pem" on the ipa server.
-
- Posts: 25
- Joined: 2016/11/23 13:22:32
Re: Unable to mount NFS shared file with Kerberos
Hi,
What does it change if I do cp /etc/pki/tls/cert.pem /var/ftp/pub instead of cp /root/cacert.p12 /var/ftp/pub, as mentioned in the lisenet tutorial?
Thank you
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Unable to mount NFS shared file with Kerberos
The "authconfig" (cli), "authconfig-tui" (tui) and "authconfig-gtk" (graphical) tools cannot work with p12 certificates, and thus you won't be able to use ldaps against the FreeIPA server.
-
- Posts: 25
- Joined: 2016/11/23 13:22:32
Re: Unable to mount NFS shared file with Kerberos
Thank you for everything, that has been very helpful.
I haven't completed everything yet, but I will keep you posted in case I have further issues.
-
- Posts: 25
- Joined: 2016/11/23 13:22:32
Re: Unable to mount NFS shared file with Kerberos
I tried to understand why it didn’t work the first time and I decided to reinstall everything, and now I have the same issue again after I reinstalled everything.
I followed the steps in the lisenet FreeIPA tutorial link provided (I actually created new VMs from scratch at the beginning), but I still cannot mount an NFS shared folder.
[root@server2 ~]# cat /etc/redhat-release
[root@server2 ~]# cat /etc/hosts ( similar for the 3 VM’s)
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.4.30 server1.car.local server1
192.168.4.31 server2.car.local server2
192.168.4.32 server3.car.local server3
[root@server1 ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@server2 ~]# dig server1.car.local
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> server1.car.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3787
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;server1.car.local. IN A
;; AUTHORITY SECTION:
. 86397 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017081000 1800 900 604800 86400
;; Query time: 12 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 10 13:40:32 BST 2017
;; MSG SIZE rcvd: 121
[root@server2 ~]#
[root@server2 ~]# dig server2.car.local
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> server2.car.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14458
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;server2.car.local. IN A
;; AUTHORITY SECTION:
. 86388 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017081000 1800 900 604800 86400
;; Query time: 43 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 10 13:40:40 BST 2017
;; MSG SIZE rcvd: 121
[root@server2 ~]#
[root@server2 ~]#
[root@server2 ~]# dig server3.car.local
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> server3.car.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47105
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;server3.car.local. IN A
;; AUTHORITY SECTION:
. 86398 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2017081000 1800 900 604800 86400
;; Query time: 11 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 10 13:40:50 BST 2017
;; MSG SIZE rcvd: 121
**********************************Server2 ( NFS SERVER)*********************************
vim /etc/exports
/nfssecure *.*.local(sec=krb5p,rw,sync)
[root@server2 ~]# showmount -e localhost
Export list for localhost:
/nfssecure *.*.local
[root@server2 ~]#
**********************************Server2 ( NFS SERVER)*********************************
********************************** Server 3 NFS CLIENT***********************************
Server 3 NFS CLIENT
[root@server3 ~]# mount -a
mount.nfs: an incorrect mount option was specified
fstab file:
server2.car.local:/nfssecure /secure nfs defaults.v4.2,sec=krb5p,sync 0 0
Manually, I got the following result
[root@server3 ~]# mount -o nfsvers=4.2,sec=krb5p 192.168.4.31:/nfssecure /secure
mount.nfs: access denied by server while mounting 192.168.4.31:/nfssecure
********************************** Server 3 NFS CLIENT***********************************
Thank you for your help
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Unable to mount NFS shared file with Kerberos
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
Easier is just to try this way:
Code:
dig +short server1.car.local server2.car.local server3.car.local
It should return your IPs as per the "/etc/hosts"
Define the FreeIPA server as your DNS...
Last edited by hunter86_bg on 2017/08/10 13:45:49, edited 1 time in total.
-
- Posts: 25
- Joined: 2016/11/23 13:22:32
Re: Unable to mount NFS shared file with Kerberos
There is no output..
[root@server1 ~]# dig +short server1.car.local server2.car.local server3.car.local
[root@server1 ~]#
Re: Unable to mount NFS shared file with Kerberos
Does dig even look at /etc/hosts? The man page seems to imply not...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
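The question raised above, whether dig reads /etc/hosts, can be checked offline against the output already posted in this thread: the hosts file knows the name while the queried resolver answers NXDOMAIN. This is an added example, not part of any forum post; the function names hosts_lookup, dig_status and diagnose are hypothetical, and the sample text is constructed from the hosts file and dig output quoted earlier.

```shell
#!/bin/sh
# Constructed sample data, copied from the hosts file and dig output in this thread.
SAMPLE_HOSTS='127.0.0.1 localhost localhost.localdomain
192.168.4.30 server1.car.local server1
192.168.4.31 server2.car.local server2
192.168.4.32 server3.car.local server3'
SAMPLE_DIG=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14458
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;server2.car.local. IN A
;; SERVER: 8.8.8.8#53(8.8.8.8)'

# hosts_lookup NAME: hosts-format text on stdin; prints the first address
# whose line lists NAME (what the NSS "files" source would return).
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }   # drop comments before matching
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# dig_status: dig output on stdin; prints "<rcode> <answer-count> <server>".
dig_status() {
    awk '
        /status:/     { rcode = $0; sub(/.*status: /, "", rcode); sub(/,.*/, "", rcode) }
        /ANSWER:/     { n = $0; sub(/.*ANSWER: /, "", n); sub(/,.*/, "", n) }
        /^;; SERVER:/ { srv = $3; sub(/#.*/, "", srv) }
        END           { print rcode, n, srv }'
}

# diagnose NAME HOSTS_TEXT DIG_TEXT: says which source actually knows NAME.
diagnose() {
    name=$1
    ip=$(printf '%s\n' "$2" | hosts_lookup "$name")
    set -- $(printf '%s\n' "$3" | dig_status)   # now $1=rcode $2=answers $3=server
    if [ "$1" = "NOERROR" ] && [ "${2:-0}" -gt 0 ]; then
        echo "dns-ok: $3 resolves $name"
    elif [ -n "$ip" ]; then
        echo "hosts-only: $name is $ip in the hosts file, but $3 answered $1"
    else
        echo "unresolvable: $name (hosts file: no entry, $3: $1)"
    fi
}

diagnose server2.car.local "$SAMPLE_HOSTS" "$SAMPLE_DIG"
```

On a live system, `getent hosts NAME` goes through NSS and therefore does consult /etc/hosts, while `dig NAME` only asks the DNS server it is pointed at.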
-
- Posts: 25
- Joined: 2016/11/23 13:22:32
Re: Unable to mount NFS shared file with Kerberos
I tried to define the FreeIPA server as my DNS many times during my previous tests, but then I’m unable to complete the ipa-server-install --setup-dns as per the instructions in the lisenet tutorial.
The only solution to complete the ipa-server-install --setup-dns was to leave the DNS as 8.8.8.8
-
- Posts: 2019
- Joined: 2015/02/17 15:14:33
- Location: Bulgaria
- Contact:
Re: Unable to mount NFS shared file with Kerberos
What is the error when installing FreeIPA with DNS?
There are some changes in IPA introduced with RHEL7.2