TrueNAS as kerberized NFS doesn't work

TrueChris

Hello,

Since NFS with sec=sys doesn't fit my needs, I'd like to mount my TrueNAS datasets using sec=krb5, but I can't make it work.
Setup: Kerberos (MIT) server on Linux. TrueNAS as NFS server. Linux box as NFS client.
The same client can mount the export with sec=sys, but with sec=krb5 it says:
Code:
mount -v -t nfs -o sec=krb5 truenas.local:/mnt/tank/iocage/nfstest /mnt/nfs/
mount.nfs: timeout set for Sat Jan 29 19:20:08 2022
mount.nfs: trying text-based options 'sec=krb5,vers=4.2,addr=192.168.0.81,clientaddr=192.168.0.13'
mount.nfs: mount(2): Protocol not supported
mount.nfs: trying text-based options 'sec=krb5,vers=4.1,addr=192.168.0.81,clientaddr=192.168.0.13'
mount.nfs: mount(2): Operation not permitted


To see if it's the client or the Kerberos server, I've set up an NFS client on a Linux box and there it just works. The following keytab I prepared on the KDC and scp'ed to the TrueNAS box. The file on the Linux NFS server looks the same, only with a different hostname.

Code:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   6 host/truenas.local@LOCAL
   6 host/truenas.local@LOCAL
   8 nfs/truenas.local@LOCAL
   8 nfs/truenas.local@LOCAL


What I found mysterious is the following:
Rebooting the Linux client or the Linux server makes them fetch TGT and Ticket from the KDC (I can see that in the KDC logs).
On rebooting TrueNAS I don't see anything in the KDC logs. But a reboot deletes the keytab I copied to /etc.

What's going on? How can I use TrueNAS as a kerberized NFS server?

Regards,
Chris
 