I have used

RPCGSSDARGS="-vvv"
RPCSVCGSSDARGS="-vvv"

in /etc/sysconfig/nfs, as suggested in
http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html

In the excerpt below, taken during the mount, meson is the client, spinque03 is the nfs server (synology). It still doesn't tell me much, perhaps I'm missing something?

rpc.gssd[838]: handling gssd upcall (nfs/clnt19)
rpc.gssd[838]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
rpc.gssd[3328]: handling krb5 upcall (nfs/clnt19)
rpc.gssd[3328]: process_krb5_upcall: service is '<null>'
rpc.gssd[3328]: Full hostname for 'spinque03.hq.spinque.com' is 'spinque03.hq.spinque.com'
rpc.gssd[3328]: Full hostname for 'meson.hq.spinque.com' is 'meson.hq.spinque.com'
rpc.gssd[3328]: No key table entry found for MESON$@HQ.SPINQUE.COM while getting keytab entry for 'MESON$@HQ.SPINQUE.COM'
rpc.gssd[3328]: No key table entry found for root/meson.hq.spinque....@hq.spinque.com while getting keytab entry for 'root/meson.hq.spinque....@hq.spinque.com'
rpc.gssd[3328]: No key table entry found for nfs/meson.hq.spinque....@hq.spinque.com while getting keytab entry for 'nfs/meson.hq.spinque....@hq.spinque.com'
rpc.gssd[3328]: Success getting keytab entry for 'host/meson.hq.spinque....@hq.spinque.com'
rpc.gssd[3328]: Successfully obtained machine credentials for principal 'host/meson.hq.spinque....@hq.spinque.com' stored in ccache 'FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM'
rpc.gssd[3328]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM' are good until 1439461246
rpc.gssd[3328]: using FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM as credentials cache for machine creds
rpc.gssd[3328]: using environment variable to select krb5 ccache FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM
gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
gssproxy[798]: gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
rpc.gssd[3328]: creating tcp client for server spinque03.hq.spinque.com
rpc.gssd[3328]: DEBUG: port already set to 2049
rpc.gssd[3328]: creating context with server n...@spinque03.hq.spinque.com
rpc.gssd[3328]: DEBUG: serialize_krb5_ctx: lucid version!
rpc.gssd[3328]: prepare_krb5_rfc4121_buffer: protocol 1
rpc.gssd[3328]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
rpc.gssd[3328]: doing downcall: lifetime_rec=86399 acceptor=n...@spinque03.hq.spinque.com
rpc.gssd[838]: handling gssd upcall (nfs/clnt19)
rpc.gssd[838]: handle_gssd_upcall: 'mech=krb5 uid=1005 enctypes=18,17,16,23,3,1,2 '
rpc.gssd[3337]: handling krb5 upcall (nfs/clnt19)
rpc.gssd[3337]: process_krb5_upcall: service is '<null>'
gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
gssproxy[798]: gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
rpc.gssd[3337]: creating tcp client for server spinque03.hq.spinque.com
rpc.gssd[3337]: DEBUG: port already set to 2049
rpc.gssd[3337]: creating context with server n...@spinque03.hq.spinque.com
rpc.gssd[3337]: DEBUG: serialize_krb5_ctx: lucid version!
rpc.gssd[3337]: prepare_krb5_rfc4121_buffer: protocol 1
rpc.gssd[3337]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
rpc.gssd[3337]: doing downcall: lifetime_rec=85675 acceptor=n...@spinque03.hq.spinque.com

On 12 August 2015 at 02:46, Roberto Cornacchia <roberto.cornacc...@gmail.com> wrote:

> Hi,
>
> I am trying to use a Synology NAS station in my FreeIPA domain to host
> automounted home directories (not created automatically for now).
>
> I got almost everything working, but I seem to have a problem with
> kerberized nfs.
>
> The NAS logs in the LDAP domain and seems happy with the kerberos
> principal that I uploaded.
>
>
> * If I use plain nfs4 without krb5
>
> - /etc/exports -
> /volume1/shared_homes 192.168.0.0/24(rw,async,no_wdelay,all_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
>
> then I can mount it and use it (it even works with automount). But only
> using all_squash. Not useful:
>
>
> * If I use krb5
>
> - /etc/exports -
> /volume1/shared_homes 192.168.0.0/24(rw,async,no_wdelay,no_root_squash,insecure_locks,sec=krb5,anonuid=1025,anongid=100)
>
> then I can kinit with an LDAP user, mount it with sec=krb5, but I get
> "nobody" as file owner.
>
> This is done from a FC22 client, perfectly enrolled in freeIPA.
>
> The client's log contains several of such errors:
>
> gssproxy[807]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.
> Minor code may provide more information, No credentials cache found
>
>
> Any tip to help me understand what the problem is?
> Roberto
>
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
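An added example, not part of the original message: a small Python reader for rpc.gssd -vvv output like the excerpt above, grouping the lines of each krb5 upcall by worker PID and reporting the requesting uid, keytab lookups, negotiated enctype and the lifetime from the "doing downcall" line. The function name summarize and the abridged sample are constructed for illustration; pairing a uid with the next worker PID assumes the parent's handle_gssd_upcall line is immediately followed by that worker's lines, as in the excerpt.

```python
import re

# Constructed sample: abridged from the rpc.gssd -vvv excerpt in the post above.
SAMPLE = """\
rpc.gssd[838]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
rpc.gssd[3328]: handling krb5 upcall (nfs/clnt19)
rpc.gssd[3328]: No key table entry found for MESON$@HQ.SPINQUE.COM while getting keytab entry for 'MESON$@HQ.SPINQUE.COM'
rpc.gssd[3328]: Success getting keytab entry for 'host/meson.hq.spinque....@hq.spinque.com'
rpc.gssd[3328]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
rpc.gssd[3328]: doing downcall: lifetime_rec=86399 acceptor=n...@spinque03.hq.spinque.com
rpc.gssd[838]: handle_gssd_upcall: 'mech=krb5 uid=1005 enctypes=18,17,16,23,3,1,2 '
rpc.gssd[3337]: handling krb5 upcall (nfs/clnt19)
rpc.gssd[3337]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
rpc.gssd[3337]: doing downcall: lifetime_rec=85675 acceptor=n...@spinque03.hq.spinque.com
"""

LINE = re.compile(r"^rpc\.gssd\[(\d+)\]: (.*)$")
RULES = [  # (field, pattern, converter)
    ("keytab_misses", re.compile(r"^No key table entry found for (\S+) while"), str),
    ("keytab_hit", re.compile(r"^Success getting keytab entry for '([^']+)'"), str),
    ("enctype", re.compile(r"serializing key with enctype (\d+)"), int),
    ("lifetime", re.compile(r"^doing downcall: lifetime_rec=(\d+)"), int),
]

def summarize(log):
    """Return one dict per krb5 upcall: uid, keytab lookups, enctype, lifetime."""
    upcalls, by_pid, pending_uid = [], {}, None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # gssproxy and other daemons are ignored here
        pid, msg = int(m.group(1)), m.group(2)
        uid = re.search(r"handle_gssd_upcall: 'mech=krb5 uid=(\d+)", msg)
        if uid:  # logged by the parent; assumed to precede the worker's lines
            pending_uid = int(uid.group(1))
        elif msg.startswith("handling krb5 upcall"):
            by_pid[pid] = {"pid": pid, "uid": pending_uid, "keytab_misses": [],
                           "keytab_hit": None, "enctype": None, "lifetime": None}
            upcalls.append(by_pid[pid])
            pending_uid = None
        elif pid in by_pid:
            for field, pat, conv in RULES:
                hit = pat.search(msg)
                if hit and field == "keytab_misses":
                    by_pid[pid][field].append(hit.group(1))
                elif hit:
                    by_pid[pid][field] = conv(hit.group(1))
    return upcalls

print(*summarize(SAMPLE), sep="\n")
```

A lifetime of None for an upcall means no "doing downcall: lifetime_rec=" line was seen for that worker PID in the input.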