I am struggling to get a nfsv4 kerberos share on a linux server to mount on Freebsd 13 client. (The other way it worked.)
On Linux there are to option to specify a kerberos share:
I also inspected the output of
When I used the gssname-option, i.e.,
that aparently shows that the key is not found in krb5.keytab. (I also tried
I also tried different version of gssname, e.g.
But
Apart from a
I should add the that
Does anybody has an idea what goes wrong? Is it not possible to mount Linux kerberos nfsv4-shares on FreeBSD13?
In another post it is noted that kerberos nfsv4 is broken.
On Linux there are to option to specify a kerberos share:
- /etc/exports on
linserv
:
Code:/nfs *(rw,sec=krb5:krb5i:krb5p,async,fsid=0) /nfs/home *(rw,sec=krb5:krb5i:krb5p,async,nohide,no_root_squash)
bsdclient
) with
mount_nfs -o nfsv4,sec=krb5 linserv:/home /mnt/tmp
yields:
Code:nfsv4 err=10016 mount_nfs: /mnt/tmp: Input/output error
- /etc/exports on
linserv
:
Code:/nfs gss/krb5(rw,async,fsid=0) /nfs/home gss/krb5(rw,async,nohide,no_root_squash)
Code:mount_nfs: /mnt/tmp: Input/output error
I also inspected the output of
gssd -h -d -v
:
Code:
gssd_import_name: done major=0x0 minor=0
gssd_init_sec_context: done major=0xd0000 minor=2 uid=0
gssd_release_name: done major=0x0 minor=0
When I used the gssname-option, i.e.,
mount_nfs -o nfsv4,sec=krb5,gssname=host linserv:/home /mnt/tmp
Code:
gssd_import_name: done major=0x0 minor=0
gssd_acquire_cred: desired name for host based initiator cred major=0x0 minor=0
gssd_acquire_cred: using keytab entry for host/bsdclient, kerberos ret=-1765328378
gssd_release_name: done major=0x0 minor=0
gssd -h -d -v -s /etc/krb5.keytab
with the same result.)I also tried different version of gssname, e.g.
mount_nfs -o nfsv4,sec=krb5,gssname=host@bsdclient.samdom.com linserv:/home /mnt/tmp
, but the error was similar:
Code:
gssd_import_name: done major=0x0 minor=0
gssd_acquire_cred: desired name for host based initiator cred major=0x0 minor=0
gssd_acquire_cred: using keytab entry for host/bsdclient.samdom.com, kerberos ret=-1765328378
gssd_release_name: done major=0x0 minor=0
But
ktutil list
shows that the host-key is in krb5.keytab:
Code:
1 aes256-cts-hmac-sha1-96 host/bsdclient.samdom.com@SAMDOM.COM
1 aes128-cts-hmac-sha1-96 host/bsdclient.samdom.com@SAMDOM.COM
1 arcfour-hmac-md5 host/bsdclient.samdom.com@SAMDOM.COM
Apart from a
rpc.mountd[593]: failed authentication for IP 10.0.2.99
(i.e., the IP of bsdclient
) I could find nothing on linserv
.I should add the that
bsdclient
also contains the samba AD server. And I can mount the share on linserv
from any Linux machine with nfsv4-kerberos (using option 1 or 2).Does anybody has an idea what goes wrong? Is it not possible to mount Linux kerberos nfsv4-shares on FreeBSD13?
In another post it is noted that kerberos nfsv4 is broken.