Try inserting this in /etc/gssproxy/gssproxy.conf: cred_store = ccache:FILE:/tmp/krb5cc_%U
/etc/gssproxy/gssproxy.conf: [service/nfs-client] mechs = krb5 cred_store = keytab:/etc/krb5.keytab cred_store = ccache:FILE:/tmp/krb5cc_%U cred_store = ccache:FILE:/var/lib/gssproxy/clients/krb5cc_%U cred_store = client_keytab:/var/lib/gssproxy/clients/%U.keytab cred_usage = initiate allow_any_uid = yes trusted = yes euid = 0 Regards, Bjarne Blichfeldt -----Original Message----- From: Tony Brian Albers [mailto:t...@statsbiblioteket.dk] Sent: 15. november 2016 13:18 To: freeipa-users@redhat.com Subject: [Freeipa-users] krb5 and nfsv4 not working right Hi guys, I've followed every guide I can find on this subject. What I'm trying to is to get our home directories which are shared via NFS from the FreeIPA server mounted via autofs on the clients. The client is kact-man-001 and the FreeIPA server is kact-adm-001 /etc/exports: I've done the ipa-client-install and the ipa-client-automount However, when I log in, my homedir is mounted as expected but what I get in the messages log is: Nov 15 12:52:25 kact-man-001 gssproxy: gssproxy[770]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found A lot! /etc/krb5.conf is default from the FreeIPA installation: default_ccache_name = KEYRING:persistent:%{uid} The autofs setup looks like this: --------------------------------------------------------- [root@kact-adm-001 log]# ipa automountmap-find Location: default ------------------------ 3 automount maps matched ------------------------ Map: auto.direct Map: auto.home Map: auto.master ---------------------------- Number of entries returned 3 ---------------------------- [root@kact-adm-001 log]# [root@kact-adm-001 log]# ipa automountkey-find Location: default Map: auto.home ----------------------- 1 automount key matched ----------------------- Key: * Mount information: -fstype=nfs4,rw,sec=krb5,rsize=8192,wsize=8192 kact-adm-001.kact.sblokalnet:/data/home/& ---------------------------- Number of entries returned 1 ---------------------------- [root@kact-adm-001 log]# --------------------------------------------------------- Now, the BAD thing is, trying to copy a large file to the automounted dir on the client just hangs: [tba@pc588 images]$ scp NAS4Free-x64-LiveUSB-10.3.0.3.2987.img.gz tba...@kact-man-001.kact.sblokalnet:. tba...@kact-man-001.kact.sblokalnet's password: NAS4Free-x64-LiveUSB-10.3.0.3.2987.img.gz 100% 281MB 93.6MB/s 00:03 [hangs] And my logged in session on the client hangs if I try to do ls in my homedir: [tba@pc588 ~]$ ssh tba...@kact-man-001.kact.sblokalnet tba...@kact-man-001.kact.sblokalnet's password: Last login: Tue Nov 15 13:07:12 2016 from pc588.sb.statsbiblioteket.dk -sh-4.2$ -sh-4.2$ -sh-4.2$ pwd /home/tba-sb -sh-4.2$ hostname kact-man-001 -sh-4.2$ -sh-4.2$ ls [hangs] And I see a huge amount of the GSS failures in the messages file on the client. Any suggestions? TIA -- Best regards, Tony Albers Systems administrator, IT-development State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark. Tel: +45 2566 2383 / +45 8946 2316 -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project