3

I want to configure kerberized NFS and export /data/books. I have 3 servers: ipa, server, client. I configured ipa and added the nfs service. My steps are:

  • In ipa:

    ipa service-show nfs/server.linux.rhce.com
    ipa-getkeytab -s ipa.linux.rhce.com -p nfs/server.linux.rhce.com  -k /etc/krb5.keytab
    
  • In server:

    scp ipa:/etc/krb5.keytab /etc/krb5.keytab
    semanage fcontext -a -t krb5_keytab_t /etc/krb5.keytab
    restorecon -R /etc/krb5.keytab 
    systemctl start nfs-server
    firewall-cmd --permanent --add-service=nfs
    firewall-cmd --permanent --add-service=mountd
    firewall-cmd --permanent --add-service=rpc-bind
    firewall-cmd --reload
    

    And in /etc/exports

    /data/books   *(sec=krb5p,rw,no_root_squash)
    
  • In client:

    scp ipa:/etc/krb5.keytab /etc/krb5.keytab
    semanage fcontext -a -t krb5_keytab_t /etc/krb5.keytab
    restorecon -R /etc/krb5.keytab
    

    When I tried to mount the /book/data on the client

    mount -o sec=krb5 server:/data/books /mnt
    

    I got this message:

    mount.nfs: an incorrect mount option was specified
    

Any help!

heaprc
  • 1
    `nfs4` does not require any other service to be exposed to the network. You can remove the holes you've added for `mountd` and `rpc-bind`. – 84104 Mar 11 '17 at 07:17
  • 1
    the reason for that I want to use showmount in nfs-client. – heaprc Mar 11 '17 at 07:46

1 Answer

3

In /etc/exports you specified sec=krb5p, so that all traffic will be authenticated and encrypted.

But in your mount command you specified sec=krb5, which does not match. This must be the same as the option given in /etc/exports.

Michael Hampton
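The mismatch described in the answer can be checked before mounting. The following is an added example, not code from the question or the answer: shell functions that read the `sec=` list from an `/etc/exports` entry and test a `mount -o` option string against it. The function names are hypothetical, and the parser assumes one client spec per line, as in the question.

```shell
#!/bin/sh
# Added example: compare a mount's sec= flavor with an /etc/exports entry.

# Print the security flavors an exports line allows, one per line.
# sec= takes a colon-delimited list (exports(5)); without it the default is sys.
# Assumption: a single client spec with one (...) option list per line.
export_flavors() {
    opts=$(printf '%s\n' "$1" | sed -n 's/^[^(]*(\([^)]*\)).*/\1/p')
    flavors=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^sec=//p' | tr ':' '\n')
    [ -n "$flavors" ] || flavors=sys
    printf '%s\n' "$flavors"
}

# Print the flavor named in a mount -o option string; empty if sec= is absent.
mount_flavor() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^sec=//p' | tail -n 1
}

# Return 0 if the mount's flavor is in the export's list, 1 if it is not,
# 2 if the mount options carry no sec= (nothing to compare).
sec_matches() {
    want=$(mount_flavor "$2")
    [ -n "$want" ] || return 2
    export_flavors "$1" | grep -qxF -- "$want"
}

# Values taken from the question: the export line and the mount option used,
# followed by the option that matches the export.
exports_line='/data/books   *(sec=krb5p,rw,no_root_squash)'
for m in 'sec=krb5' 'sec=krb5p'; do
    if sec_matches "$exports_line" "$m"; then
        echo "$m: allowed by export"
    else
        echo "$m: not in export's sec= list"
    fi
done
```
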