Hi François,

I was able to achieve a small success with manual mounting. Instead of the following mount command:

mount -t nfs4 -o sec=krb5 nfs-server.example.com:/ /<mountpoint>

I changed this up to:

mount -t nfs4 -o sec=krb5i nfs-server.example.com:/ /<mountpoint>

with that at least every user can access all directories and files from the workstation's mountpoint.

I will create the necessary log files and make them, as soon as possible, available.

François Cami <fcami@redhat.com> hat am 18. März 2020 um 18:53 geschrieben:


Hi,

On Wed, Mar 18, 2020 at 4:37 PM Markus Roth via FreeIPA-users
<freeipa-users@lists.fedorahosted.org> wrote:
>

Hi Daniel,

thanks for pointing out the faulty mounting options. I changed it, but the nfs share is not still mounted.

I also checked IPA service principal for NFS and both server and client principals exists. I delete all configurations and setup this step by step as described at redhat doc again.

Can you show how your automount entries look like in LDAP?
We also need sssd debug logs. Put debug level to 6 or more, restart
sssd and trigger the issue again.

Thank you,
François

Regards / Mit freundlichen Grüßen,

Markus Roth

>

dbischof@hrz.uni-kassel.de hat am 16. März 2020 um 09:23 geschrieben:

>

Hi Markus,

On Sun, 15 Mar 2020, Markus Roth via FreeIPA-users wrote:

I configured an automount location in my freeipa:

#>automount -m

autofs dump map information
===========================

global options: none configured
Mount point: /-

source(s):
100000000|lookup_read_map: lookup(sss): getautomntent_r: No such file or directory
failed to read map

Mount point: /Share

source(s):

instance type(s): sss
map: auto.public

public | -fstype=nfs4,rw.sec=krb5,soft,rsize=8192,rsize=8192 nfs.example.com:/
The /etc/exports on my nfs server looks as follows:
/export/data *(rw,fsid=0,sec=krb5:krb5i:krb5p)
When I mount the nfs share with the root user on the client:

kinit <user>
mount -vvv -t nfs4 -o sec=krb5 idefix.example.com:/ /Share

The root user can access the files mounted on the /Share directory
But the <user> itself get the message:
"access denied"

automount the share on the directory failed. Nothing is mounted.

Any hints to solve this will be appreciated!

>

are you positively sure that you have a properly configured IPA service
principal for NFS? Last time i had this, i simply forgot that. Also, there is
a suspiciously looking dot in your mount options ("... rw.sec=krb5 ...").

>

Mit freundlichen Gruessen/With best regards,

--Daniel.

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org