Hello everyone,

I initially followed the FreeIPA NFS documentation for setting up an external standalone NFS server:

ipa host-add mickey.corp.example.org
ipa service-add nfs/mickey.corp.example.org
ipa-getkeytab -s razoul.corp.example.org -p nfs/mickey.corp.example.org -k /tmp/nfs.keytab

I uploaded the keytab to the NFS server and all appeared to work just fine:

mickey> export KRB5_CONFIG=/etc/nfs/krb5.conf
mickey> kinit admin
Password for ad...@corp.example.org: XXXXXXX
mickey> klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: ad...@corp.example.org

Valid starting       Expires              Service principal
05/16/2015 18:17:00  05/17/2015 18:16:50  krbtgt/corp.example....@corp.example.org
mickey> kinit -k -t /etc/nfs/krb5.keytab nfs/mickey.corp.example....@corp.example.org
mickey> klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nfs/mickey.corp.example....@corp.example.org

Valid starting       Expires              Service principal
05/16/2015 23:48:14  05/17/2015 23:48:13  krbtgt/corp.example....@corp.example.org
mickey>

However, I learned the hard way (NFS stopped working) that ipa-getkeytab issues a ticket with a default timeout of 3 months.

I repeated ipa-getkeytab and got:

mickey> kinit -k -t /etc/nfs/krb5.keytab
kinit: Keytab contains no suitable keys for host/mickey.corp.example....@corp.example.org while getting initial credentials
mickey> klist -k -t /etc/nfs/krb5.keytab
Keytab name: FILE:/etc/nfs/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
  5 11/03/2015 10:50:10 nfs/mickey.corp.example....@corp.example.org
  5 11/03/2015 10:50:10 nfs/mickey.corp.example....@corp.example.org
  5 11/03/2015 10:50:10 nfs/mickey.corp.example....@corp.example.org
  5 11/03/2015 10:50:10 nfs/mickey.corp.example....@corp.example.org

When the client tries to mount:

# mount -vvv -o sec=krb5 mickey:/volume1/homes /mnt
mount.nfs: timeout set for Thu Nov  5 11:41:39 2015
mount.nfs: trying text-based options 'sec=krb5,vers=4,addr=192.168.26.2,clientaddr=192.168.26.31'
mount.nfs: mount(2): Invalid argument
mount.nfs: an incorrect mount option was specified

Not much information available...

Any NFS experts out here?

Thanks,
Josh.
