Hi,
I am trying to setup kerberized nfs on centos 7 and I am receiving the following problem.
My topology is the following
freeipa server - 192.168.122.1
nfs server - 192.168.122.2
nfs client - 192.168.122.3
[root@rh3 ~]# mount -o sec=krb5p rh2.lab.local:/srv/nfsexport /mnt/securenfs/
mount.nfs: access denied by server while mounting rh2.lab.local:/srv/nfsexport
[root@rh3 ~]# cat /var/log/messages
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
[root@rh3 ~]# cat /etc/gssproxy/gssproxy.conf
[gssproxy]
[service/HTTP]
mechs = krb5
cred_store = keytab:/etc/gssproxy/http.keytab
cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
euid = 48
[service/nfs-server]
mechs = krb5
socket = /run/gssproxy.sock
cred_store = keytab:/etc/krb5.keytab
trusted = yes
kernel_nfsd = yes
euid = 0
[service/nfs-client]
mechs = krb5
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
cred_usage = initiate
allow_any_uid = yes
trusted = yes
euid = 0
Any idea?
Many thanks!
Kerberized nfs / gssproxy / No credentials cache found
Re: Kerberized nfs / gssproxy / No credentials cache found
I don't know exactly, how it happened, but after a system reboot
it works fine. I always do a restart of services, after .conf files
is modified.
So, I am now not sure why it now works.
it works fine. I always do a restart of services, after .conf files
is modified.
So, I am now not sure why it now works.