Date: Fri, 08 Feb 2013 12:22:10 +1100 From: John Marshall <john.marshall@riverwillow.com.au> To: Janusz Bulik <januszbulik@googlemail.com> Cc: freebsd-stable@freebsd.org Subject: Re: NFSv4 + Kerberos permission denied Message-ID: <51145342.5090809@riverwillow.com.au> In-Reply-To: <CAMFg4WvJrzT7KB-4W_JnHH9CcPiK%2BcWHp6KJPEZg=-K2Cb-QzQ@mail.gmail.com> References: <CAMFg4WvJrzT7KB-4W_JnHH9CcPiK%2BcWHp6KJPEZg=-K2Cb-QzQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig72B2A21D8F8BB4EA1336D655 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable On 08/02/2013 01:05, Janusz Bulik wrote: > Hello, > I've got a little problem with NFSv4 + Kerberos. I can do a mount with > Kerberos with a valid ticket, but read-only. > After the mount -vvv -t nfs -o nfsv4,sec=3Dkrb5 nfsserver:/ /mount_test= / > I got "Permission denied" message when I try to mkdir or rm. As a root > mount and as a user mount (sysctl vfs.usermounts=3D1). > With -sec=3Dsys it works read-write, but with -sec=3Dkrb5 read-only.. Am I right in supposing that you have never had this working? What you describe sounds symptomatic of nfsuserd not running - see nfsv4(4). sec=3Dsys doesn't need nfsuserd to "work" but sec=3Dkrb5 does. = If you mount with sec=3Dkrb5 and "ls -l /mount_test/" do you see in the listing the user and group names you expect, or just a bunch of numbers? The read-only access is probably what the filesystem permissions allow to "other" because, without nfsuserd, it can't map your kerberos principal to a uid. Of course, I could be wrong... --=20 John Marshall --------------enig72B2A21D8F8BB4EA1336D655 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlEUU0sACgkQw/tAaKKahKLtEgCeNdCZMo3GeBCJuGXdwNh1tcYi vuUAn0+jQsvinuNOLj6jb1mgKB49S0td =Cdtz -----END PGP SIGNATURE----- --------------enig72B2A21D8F8BB4EA1336D655--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51145342.5090809>