Need help with nfsv4 and krb5 access denied

Herbert Poeckl freebsdml at ist.tugraz.at
Mon Jun 25 11:52:58 UTC 2012 

Hi everybody.

We are new to this list and need technical help.

We are getting access denied error on our debian clients when mounting
nfsv4 network drives with kerberos 5 authentication.

What is wired about this, is that it works with one server, but not with
a second server. The configuration on these both machines are identical,
witch we have tested by booting from the same USB drive.

The one where it works on is a Intel based standard workstation (HP
DC7800). The machine where it does not work is a AMD Opteron based
server (Sun X4540). Any other kerberos authentication (like smb and
netatalk) works fine.

We basically followed these instructions:
http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup

Our system configuration looks as follows:
-- 8< ----------------------------------------- >8 --
root at tmp2:/root # uname -a
FreeBSD tmp2.ist.intra 9.0-STABLE FreeBSD 9.0-STABLE #4: Thu Jun 14
08:58:14 UTC 2012     root at srv.ist.intra:/usr/obj/system/usr/src/sys/SRV
 amd64


root at tmp2:/root #  diff /usr/src/sys/amd64/conf/GENERIC
/usr/src/sys/amd64/conf/SRV
348a349,354
>
>
> options               KGSSAPI
> device                crypto
>
> options               NETATALK


root at tmp2:/root # cat /etc/krb5.conf
[libdefaults]
        default_realm = IST.INTRA
        forwardable = true
        proxiable = true


root at tmp2:/root # ktutil list
FILE:/etc/krb5.keytab:

Vno  Type                     Principal
  1  aes256-cts-hmac-sha1-96  nfs/tmp2.ist.intra at IST.INTRA
  1  des3-cbc-sha1            nfs/tmp2.ist.intra at IST.INTRA
  1  arcfour-hmac-md5         nfs/tmp2.ist.intra at IST.INTRA

ktutil: krb5_kt_start_seq_get krb4:/etc/srvtab: open(/etc/srvtab): No
such file or directory


root at tmp2:/root # cat /etc/exports

V4: /tmp -sec=krb5p -network 192.168.1.0 -mask 255.255.255.0
/tmp/blah -sec=krb5p -network 192.168.1.0 -mask 255.255.255.0
root at tmp2:/root #



root at tmp2:/root # less /var/run/dmesg.boot
FreeBSD 9.0-STABLE #4: Thu Jun 14 08:58:14 UTC 2012
    root at srv.ist.intra:/usr/obj/system/usr/src/sys/SRV amd64
CPU: Six-Core AMD Opteron(tm) Processor 2435 (2600.16-MHz K8-class CPU)
  Origin = "AuthenticAMD"  Id = 0x100f80  Family = 10  Model = 8
Stepping = 0

Features=0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT>
  Features2=0x802009<SSE3,MON,CX16,POPCNT>
  AMD
Features=0xee500800<SYSCALL,NX,MMX+,FFXSR,Page1GB,RDTSCP,LM,3DNow!+,3DNow!>
  AMD
Features2=0x37ff<LAHF,CMP,SVM,ExtAPIC,CR8,ABM,SSE4A,MAS,Prefetch,OSVW,IBS,SKINIT,WDT>
  TSC: P-state invariant
-- 8< ----------------------------------------- >8 --

Any help is greatly appreciated.

Kind regards,
 Herbert Poeckl

More information about the freebsd-stable mailing list