Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 08 Feb 2013 12:22:10 +1100
From:      John Marshall <john.marshall@riverwillow.com.au>
To:        Janusz Bulik <januszbulik@googlemail.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: NFSv4 + Kerberos permission denied
Message-ID:  <51145342.5090809@riverwillow.com.au>
In-Reply-To: <CAMFg4WvJrzT7KB-4W_JnHH9CcPiK%2BcWHp6KJPEZg=-K2Cb-QzQ@mail.gmail.com>
References:  <CAMFg4WvJrzT7KB-4W_JnHH9CcPiK%2BcWHp6KJPEZg=-K2Cb-QzQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig72B2A21D8F8BB4EA1336D655
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable

On 08/02/2013 01:05, Janusz Bulik wrote:
> Hello,
> I've got a little problem with NFSv4 + Kerberos. I can do a mount with
> Kerberos with a valid ticket, but read-only.
> After the mount -vvv -t nfs -o nfsv4,sec=3Dkrb5 nfsserver:/ /mount_test=
/

> I got "Permission denied" message when I try to mkdir or rm. As a root
> mount and as a user mount (sysctl vfs.usermounts=3D1).
> With -sec=3Dsys it works read-write, but with -sec=3Dkrb5 read-only..

Am I right in supposing that you have never had this working?

What you describe sounds symptomatic of nfsuserd not running - see
nfsv4(4). sec=3Dsys doesn't need nfsuserd to "work" but sec=3Dkrb5 does. =
If
you mount with sec=3Dkrb5 and "ls -l /mount_test/" do you see in the
listing the user and group names you expect, or just a bunch of numbers?
The read-only access is probably what the filesystem permissions allow
to "other" because, without nfsuserd, it can't map your kerberos
principal to a uid.

Of course, I could be wrong...

--=20
John Marshall


--------------enig72B2A21D8F8BB4EA1336D655
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlEUU0sACgkQw/tAaKKahKLtEgCeNdCZMo3GeBCJuGXdwNh1tcYi
vuUAn0+jQsvinuNOLj6jb1mgKB49S0td
=Cdtz
-----END PGP SIGNATURE-----

--------------enig72B2A21D8F8BB4EA1336D655--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51145342.5090809>