francisaugusto
Contributor
- Joined
- Nov 16, 2018
- Messages
- 153
Hi,
I am trying to make nfsv4 to work with kerberos. I've successfully joined freenas to my domain server (FreeIPA), and authentication works fine. Mounting NFSv4 shares, however, doesn't work. TrueNAS says that the "mounting request succeeded", but the client gets "operation not permitted".
I noticed that when I do a "ktutil" on TrueNAS, I get the following:
So the nfs principal doesn't show there. But:
I don't know if this is the problem, but the principal is not showing when trying a `klist`.
Any tips on where to get more info on how to get this working? I manage to make it work fine on an ubuntu client, but not on freenas.
I am trying to make nfsv4 to work with kerberos. I've successfully joined freenas to my domain server (FreeIPA), and authentication works fine. Mounting NFSv4 shares, however, doesn't work. TrueNAS says that the "mounting request succeeded", but the client gets "operation not permitted".
I noticed that when I do a "ktutil" on TrueNAS, I get the following:
Code:
root@freenas[/var/log]# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: host/freenas.local@IPA.LOCAL Issued Expires Principal Jan 1 17:15:24 2022 Jan 2 17:15:24 2022 krbtgt/IPA.local@IPA.LOCAL Jan 1 17:15:32 2022 Jan 2 17:15:24 2022 ldap/ipa.LOCAL@IPA.LOCAL
So the nfs principal doesn't show there. But:
Code:
root@freenas[/var/log]# ktutil list FILE:/etc/krb5.keytab: Vno Type Principal Aliases 1 aes256-cts-hmac-sha1-96 host/freenas.local@IPA.LOCAL 1 aes128-cts-hmac-sha1-96 host/freenas.local@IPA.LOCAL 1 aes256-cts-hmac-sha1-96 nfs/freenas.local@IPA.LOCAL 1 aes128-cts-hmac-sha1-96 nfs/freenas.local@IPA.LOCAL
I don't know if this is the problem, but the principal is not showing when trying a `klist`.
Any tips on where to get more info on how to get this working? I manage to make it work fine on an ubuntu client, but not on freenas.
Last edited: