Kerberized nfs / gssproxy / No credentials cache found

Issues related to applications and software problems
Post Reply
chtsalid
Posts: 7
Joined: 2017/02/20 08:43:54

Kerberized nfs / gssproxy / No credentials cache found

Post by chtsalid » 2017/02/20 08:49:47

Hi,

I am trying to setup kerberized nfs on centos 7 and I am receiving the following problem.

My topology is the following

freeipa server - 192.168.122.1
nfs server - 192.168.122.2
nfs client - 192.168.122.3

[root@rh3 ~]# mount -o sec=krb5p rh2.lab.local:/srv/nfsexport /mnt/securenfs/
mount.nfs: access denied by server while mounting rh2.lab.local:/srv/nfsexport


[root@rh3 ~]# cat /var/log/messages
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 19 00:21:51 rh3 gssproxy: gssproxy[20313]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found



[root@rh3 ~]# cat /etc/gssproxy/gssproxy.conf
[gssproxy]

[service/HTTP]
mechs = krb5
cred_store = keytab:/etc/gssproxy/http.keytab
cred_store = ccache:/var/lib/gssproxy/clients/krb5cc_%U
euid = 48

[service/nfs-server]
mechs = krb5
socket = /run/gssproxy.sock
cred_store = keytab:/etc/krb5.keytab
trusted = yes
kernel_nfsd = yes
euid = 0

[service/nfs-client]
mechs = krb5
cred_store = keytab:/etc/krb5.keytab
cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U
cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab
cred_usage = initiate
allow_any_uid = yes
trusted = yes
euid = 0


Any idea?

Many thanks!
Top
chtsalid
Posts: 7
Joined: 2017/02/20 08:43:54

Re: Kerberized nfs / gssproxy / No credentials cache found

Post by chtsalid » 2017/02/20 11:19:50

I don't know exactly, how it happened, but after a system reboot
it works fine. I always do a restart of services, after .conf files
is modified.
So, I am now not sure why it now works.
Top
Post Reply

Return to “CentOS 7 - Software Support”