FreeBSD 9.0 + ZFS + NFSv4 + Kerberos

[Rick Macklem]

Tim Gustafson wrote:
> Hi,
> 
> I'd like to set up a FreeBSD 9.0 box as a ZFS+NFSv4+Kerberos server.
> So far, I can mount a file system from a client machine, but whenever
> I try to do anything on that file system, I get errors that look like
> this:
> 
> tjg at junta: cd /mnt
> nfsv4 err=10016
> nfsv4 err=10016
> /mnt: Input/output error.
> 
Read this:
http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
(Still basically applies to FreeBSD9.)

> I can kinit on both boxes, and have done so on my client box; klist
> shows a valid ticket on the client box. I can "mount /mnt" on the
> client without any problems.
> 
The client must have the appropriate TGT at time of mount. Unless you
apply the patch mentioned in the above wiki and have the correct /etc/keytab
entry in the client,the mount can only be done by a non-root user after
they have done a kinit. (vfs.usermount=1)

> Here are the relevant configuration files:
> 
> server:/etc/rc.conf:
> 
> nfs_server_enable="yes"
> nfsv4_server_enable="yes"
> mountd_enable="yes"
> mountd_flags="-r"
> rpcbind_enable="yes"
> rpc_lockd_enable="yes"
> rpc_statd_enable="yes"
> gssd_enable="yes"
> 
> server:/etc/exports:
> 
> V4: /tank/export -sec=krb5p
> 
> client:/etc/rc.conf:
> 
> nfs_client_enable="yes"
> rpc_lockd_enable="yes"
> rpc_statd_enable="yes"
> rpcbind_enable="yes"
> devfs_enable="yes"
> gssd_enable="yes"
> 
> client:/etc/fstab:
> 
> server:/ /mnt nfs rw,noauto,nfsv4,sec=krb5p 0 0
> 
Won't work unless the client has the above mentioned patch and the
correct /etc/keytab entry.

Good luck with it, rick

> --
> 
> Tim Gustafson
> tjg at soe.ucsc.edu
> 831-459-5354
> Baskin Engineering, Room 313A
> _______________________________________________
> freebsd-fs at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-fs
> To unsubscribe, send any mail to "freebsd-fs-unsubscribe at freebsd.org"