[OmniOS-discuss] nfs server with kerberos

Natxo Asenjo natxo.asenjo at gmail.com
Mon Apr 1 17:10:33 EDT 2013


hi,

in a test lab I have joined an omnios vm to an ipa (kerberos/ldap) domain.

this is the omnios version:

# uname -a
SunOS testomnios 5.11 omnios-df542ea i86pc i386 i86pc Solaris

Kerberos authentication works and I can use ldap to search users, getent
passwd etc works fine.

I have created an nfs service principal name for the host and added it to
the system's keytab:

# klist -k
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX
   1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX
   1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX
   1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX
   2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX
   2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX
   2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX
   2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX

I have followed the docs here:
http://docs.oracle.com/cd/E23824_01/html/821-1456/setup-97.html

the file /etc/nfssec.conf looks like this:

# default security mode is defined at the end.  It should be one of
# the flavor numbers defined above it.
#
none            0       -       -       -       # AUTH_NONE
sys             1       -       -       -       # AUTH_SYS
dh              3       -       -       -       # AUTH_DH
#
# Uncomment the following lines to use Kerberos V5 with NFS
#
krb5            390003  kerberos_v5     default -               # RPCSEC_GSS
krb5i           390004  kerberos_v5     default integrity       # RPCSEC_GSS
krb5p           390005  kerberos_v5     default privacy         # RPCSEC_GSS

default         1       -       -       -                       # default is AUTH_SYS

and finally I try sharing the homedirs but I get this error:

# share -F nfs -o sec=krb5:krb5i:krb5p /export/home
Could not share: /export/home: invalid security type

# svcs -l nfs/server
fmri         svc:/network/nfs/server:default
name         NFS server
enabled      true
state        online
next_state   none
state_time   Mon Apr  1 23:06:09 2013
logfile      /var/svc/log/network-nfs-server:default.log
restarter    svc:/system/svc/restarter:default
contract_id  96
dependency   require_any/error svc:/milestone/network (online)
dependency   require_all/error svc:/network/nfs/nlockmgr (online)
dependency   optional_all/error svc:/network/nfs/mapid (online)
dependency   require_all/restart svc:/network/rpc/bind (online)
dependency   optional_all/none svc:/network/rpc/keyserv (online)
dependency   optional_all/none svc:/network/rpc/gss (online)
dependency   optional_all/none svc:/network/shares/group (multiple)
dependency   optional_all/none svc:/system/filesystem/reparse (online)
dependency   require_all/error svc:/system/filesystem/local (online)

How can I troubleshoot this? I'm learning a lot about solaris, but still a
newbie.

TIA,
--
Groeten,
natxo
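
A first check for the "invalid security type" error above, as an added example that is not part of the original message: parse /etc/nfssec.conf and report which flavors named in a share `sec=` value have no uncommented entry. The function names, the five-field layout and the sample text are assumptions constructed from the file excerpt in the message.

```python
# Constructed sample: the krb5 entries still commented out, which is the state
# the file's own "Uncomment the following lines" comment refers to.
COMMENTED = """\
none            0       -       -       -       # AUTH_NONE
sys             1       -       -       -       # AUTH_SYS
dh              3       -       -       -       # AUTH_DH
#krb5           390003  kerberos_v5     default -               # RPCSEC_GSS
#krb5i          390004  kerberos_v5     default integrity       # RPCSEC_GSS
#krb5p          390005  kerberos_v5     default privacy         # RPCSEC_GSS
default         1       -       -       -       # default is AUTH_SYS
"""
# The same entries uncommented, as in the message above.
ENABLED = COMMENTED.replace("#krb5", "krb5")


def parse_nfssec(text):
    """Return ({flavor: fields}, [(lineno, malformed line)]) for nfssec.conf text."""
    flavors, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        # Assumed layout: name, flavor number, GSS mechanism, QOP, service
        if len(fields) != 5 or not fields[1].isdigit():
            malformed.append((lineno, raw))
            continue
        name, number, mech, qop, service = fields
        flavors[name] = {"number": int(number), "mech": mech,
                         "qop": qop, "service": service}
    return flavors, malformed


def check_sec_option(sec, text):
    """List flavors from a share 'sec=a:b:c' value that the file does not define."""
    flavors, _ = parse_nfssec(text)
    return [f for f in sec.split(":") if f not in flavors]


if __name__ == "__main__":
    for label, conf in (("commented", COMMENTED), ("enabled", ENABLED)):
        print(label, "missing:", check_sec_option("krb5:krb5i:krb5p", conf))
```

An empty list means every requested flavor has an uncommented entry; it does not test whether the kerberos_v5 GSS mechanism itself loads.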