So, I've recently changed my network setup a bit, and for reasons I'm still trying to suss out, replacing the old router with a new pfSense box appears to have broken the authentication within the network somehow. The network setup uses a Kerberos KDC (as part of a FreeIPA domain) to authenticate access to an NFSv4 fileshare.

It's a small home network, with the pfSense box doing DHCP and basic DNS.

  • I've tested reverse lookups and IP addresses can correctly be resolved to hostnames, so it's not that.
  • Clocks are in sync on all machines.
  • Tickets seem to be retrieved just fine, and at least one other Kerberos-based service works (I have a webserver running Trac that also uses the KDC to log people on).

Logging with rpcdebug has turned up one error message that looks like a culprit, though a Google search for this one doesn't turn up anything helpful.

Sep  8 19:00:34 weatherwax kernel: NFSD: warning: no callback path to client Linux NFSv4.2 stibbons.lan.deimos-legion.net: error -22
Adam Luchjenbroers

1 Answer

OK, still not quite sure what the actual issue was, but I strongly suspect it was down to some difference in how dnsmasq and unbound manage service records (under the dnsmasq setup I had managed to kludge into place some SRV records for Kerberos and LDAP, and I had attempted to do the same with unbound with limited success).

Tweaking the configuration so that everything is relying on explicit hostnames and not DNS SRV records has brought everything back online.

Adam Luchjenbroers
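
An offline check for the dependency the answer describes, as an added example that is not part of the original post: it reads a krb5.conf and reports, per realm, whether the KDC is named explicitly or would have to be found through _kerberos SRV records in DNS. The sample file and its realm and host names are constructed placeholders, and the semantics assumed are those of MIT krb5 (dns_lookup_kdc defaults to true and only matters when the realm stanza lists no kdc).

```python
# Constructed sample; realm and host names are placeholders, not from the post.
SAMPLE = """\
[libdefaults]
  default_realm = EXAMPLE.LAN
[realms]
  EXAMPLE.LAN = {
    kdc = ipa.example.lan
  }
  OTHER.LAN = {
  }
"""

def parse_krb5(text):
    """Return ([libdefaults] as a dict, [realms] as {realm: {key: [values]}})."""
    libdefaults, realms, section, realm = {}, {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("["):
            section, realm = line.strip("[]"), None
        elif line == "}":
            realm = None  # end of a realm stanza
        elif "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if section == "realms" and val == "{":
                realm = realms.setdefault(key, {})
            elif section == "realms" and realm is not None:
                realm.setdefault(key, []).append(val)
            elif section == "libdefaults":
                libdefaults[key] = val
    return libdefaults, realms

def kdc_sources(text):
    """Map each realm to 'explicit', to the SRV names to check in DNS,
    or to 'unresolvable' when neither source is available."""
    libdefaults, realms = parse_krb5(text)
    # Assumption: MIT krb5 semantics, where an absent dns_lookup_kdc means true.
    dns = libdefaults.get("dns_lookup_kdc", "true").lower() in ("y", "yes", "t", "true", "on", "1")
    # A default realm with no stanza at all depends on DNS just as much.
    names = set(realms) | {r for r in [libdefaults.get("default_realm")] if r}
    result = {}
    for name in sorted(names):
        srv = [f"_kerberos._{proto}.{name}" for proto in ("udp", "tcp")]
        if realms.get(name, {}).get("kdc"):
            result[name] = "explicit"
        else:
            result[name] = srv if dns else "unresolvable"
    return result
```

Any realm reported with SRV names is one where swapping the resolver, as with dnsmasq and unbound here, can change where Kerberos clients look for the KDC.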