[31389] in Kerberos
nfs/kerberos problems
daemon@ATHENA.MIT.EDU (Chantal Rosmuller)
Tue Aug 18 10:53:02 2009
From: Chantal Rosmuller <chantal@antenna.nl>
To: kerberos@mit.edu
Date: Tue, 18 Aug 2009 12:00:14 +0200
Message-Id: <200908181200.14331.chantal@antenna.nl>
Hi list,
I cannot get nfs with kerberos working on my Ubuntu 8.04 servers, here's what I did:
first I installed nfs server on ubuntuhardy1 and client on ubuntuhardy2, nfs mounting from ubuntuhardy2 to ubuntuhardy1 without kerberos works
changed the following on /etc/default/nfs-kernel-server:
NEED_SVCGSSD=yes
RPCSVCGSSDOPTS="-vvv"
then I installed ntp on both servers
On the nfs/kerberos server ubuntuhardy1
aptitude install krb5-admin-server krb5-kdc
edit /etc/hosts
127.0.0.1 ubuntuhardy1.localhost.network ubuntuhardy1 localhost
192.168.0.109 ubuntuhardy1.localhost.network
192.168.0.110 ubuntuhardy2.localhost.network
change hostname
hostname ubuntuhardy1.localhost.network
edit /etc/krb5.conf
[libdefaults]
    default_realm = LOCALHOST.NETWORK
[realms]
    LOCALHOST.NETWORK = {
        kdc = ubuntuhardy1.localhost.network
        admin_server = ubuntuhardy1.localhost.network
        default_domain = localhost.network
    }
[domain_realm]
    localhost.network = LOCALHOST.NETWORK
    .localhost.network = LOCALHOST.NETWORK
[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log
change /etc/krb5kdc/kdc.conf:
[kdcdefaults]
    kdc_ports = 750,88
[realms]
    LOCALHOST.NETWORK = {
        database_name = /var/lib/krb5kdc/principal
        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        key_stash_file = /etc/krb5kdc/stash
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
        default_principal_flags = +preauth
    }
create realm:
kdb5_util create -s
loading random data
Initializing database '/var/lib/krb5kdc/principal' for realm 'LOCALHOST.NETWORK',
master key name 'K/M@LOCALHOST.NETWORK'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
restarted kerberos
/etc/init.d/krb5-admin-server restart
/etc/init.d/krb5-kdc restart
Now you can access your <meer> with the following command:
started kadmin
kadmin.local
added user:
addprinc admin/admin
added Host key for the server:
addprinc -randkey host/ubuntuhardy1.localhost.network@LOCALHOST.NETWORK
add principal to local key table <meer>
ktadd host/ubuntuhardy1.localhost.network@LOCALHOST.NETWORK
output:
Entry for principal host/ubuntuhardy1.localhost.network@LOCALHOST.NETWORK with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/ubuntuhardy1.localhost.network@LOCALHOST.NETWORK with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
edit /etc/exports
/var/www gss/krb5i(rw,sync)
restarted nfs server
on the client ubuntuhardy2:
edit /etc/hosts
127.0.0.1 ubuntuhardy2.localhost.network ubuntuhardy2 localhost
192.168.0.110 ubuntuhardy2.localhost.network
192.168.0.109 ubuntuhardy1.localhost.network
install software
aptitude install krb5-user krb5-clients libpam-krb5
copied /etc/krb5.conf from server
tested kerberos access:
kinit admin/admin
and got this output:
Password for admin/admin@LOCALHOST.NETWORK:
logged in again on the SERVER
kadmin
added principal for client ubuntuhardy2
addprinc -randkey host/ubuntuhardy2.localhost.network
addprinc -randkey nfs/ubuntuhardy2.localhost.networkclient
logged in on the client:
kinit admin/admin
Password for admin/admin@LOCALHOST.NETWORK: r
add principal for client
kadmin: addprinc -randkey nfs/ubuntuhardy2.localhost.network
WARNING: no policy specified for nfs/ubuntuhardy2.localhost.network@LOCALHOST.NETWORK; defaulting to no policy
Principal “nfs/ubuntuhardy2.localhost.network@LOCALHOST.NETWORK” created.
create key in keytab
kadmin: ktadd nfs/ubuntuhardy2.localhost.network
Entry for principal nfs/ubuntuhardy2.localhost.network with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal nfs/ubuntuhardy2.localhost.network with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
kadmin: quit
then I try to mount the nfs share
mount -t nfs -o sec=krb5 ubuntuhardy1.localhost.network:/var/www /mnt/websites/
I get
mount.nfs: access denied by server while mounting ubuntuhardy1.localhost.network:/var/www
and in /var/log/daemon.log on the server
ubuntuhardy1 mountd[1913]: mount request from unknown host 192.168.0.110 for /var/www (/var/www)
Does anyone know what I am doing wrong?
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
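
Two preconditions for a Kerberized NFS mount can be checked mechanically against the values shown in this message: the security flavor requested with mount -o sec= must be one the path is exported for, and the server keytab must hold an nfs/<server-fqdn> key for rpc.svcgssd. The following is an added example, not part of the original post; the function names are hypothetical and the sample inputs are constructed from the post's values.

```python
import re

# Constructed inputs that mirror the values shown in the post.
EXPORTS = "/var/www gss/krb5i(rw,sync)\n"
MOUNT_OPTS = "sec=krb5"
SERVER_FQDN = "ubuntuhardy1.localhost.network"
# Principals the post shows being written to the server's /etc/krb5.keytab.
SERVER_KEYTAB = ["host/ubuntuhardy1.localhost.network@LOCALHOST.NETWORK"]

def export_flavors(exports_text, path):
    """Security flavors under which `path` is exported (exports(5) syntax)."""
    flavors = set()
    for line in exports_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != path:
            continue
        for client in fields[1:]:
            pseudo = re.match(r"gss/(krb5[ip]?)(?:\(|$)", client)
            if pseudo:                      # gss/krb5i(rw,sync) form
                flavors.add(pseudo.group(1))
            opt = re.search(r"[(,]sec=([^,)]+)", client)
            if opt:                         # host(rw,sec=krb5:krb5i) form
                flavors.update(opt.group(1).split(":"))
    return flavors

def mount_flavor(mount_opts):
    """Flavor requested by mount -o; without sec= it is treated here as sys."""
    for opt in mount_opts.split(","):
        if opt.startswith("sec="):
            return opt[len("sec="):]
    return "sys"

def has_service_key(principals, service, fqdn):
    """True if the keytab listing holds a key for service/fqdn in any realm."""
    return any(p.split("@", 1)[0] == f"{service}/{fqdn}" for p in principals)

def check(exports_text, path, mount_opts, server_fqdn, server_keytab):
    findings = []
    requested = mount_flavor(mount_opts)
    exported = export_flavors(exports_text, path)
    if requested not in exported:
        findings.append(f"mount requests sec={requested}; {path} is exported "
                        f"only for {sorted(exported)}")
    if not has_service_key(server_keytab, "nfs", server_fqdn):
        # rpc.svcgssd accepts contexts as the nfs/<server-fqdn> service principal
        findings.append(f"server keytab has no nfs/{server_fqdn} key")
    return findings

if __name__ == "__main__":
    for finding in check(EXPORTS, "/var/www", MOUNT_OPTS, SERVER_FQDN, SERVER_KEYTAB):
        print("FINDING:", finding)
```

On a live system the keytab list would come from klist -k /etc/krb5.keytab on the server rather than from a constructed list.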