
Platform: CentOS release 5.5

Installed krb5-libs, krb5-server and krb5-workstation on the NFS server. The NFS Server IP and Machine IP are different.

Machine IP : 172.xx.xx.xx NFS Server IP: 169.254.xx.xx

Installed rpcidmapd, rpcgssd, nfsd, portmap and ntpd.

Setup the /etc/krb5.conf

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

    [libdefaults]
     default_realm = KRBNFS.NET
     default_keytab_name = FILE:/etc/krb5.keytab
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     forwardable = yes
     allow_weak_crypto = true

    [realms]
     KRBNFS.NET = {
      kdc = nfsserver.krbnfs.net:88
      admin_server = nfsserver.krbnfs.net:749
      default_domain = krbnfs.net
     }

    [domain_realm]
     .krbnfs.net = KRBNFS.NET
     krbnfs.net = KRBNFS.NET

    [appdefaults]
     pam = {
      debug = false
      ticket_lifetime = 36000
      renew_lifetime = 36000
      forwardable = true
      krb4_convert = false
     }

    [kdc]
     profile = /var/kerberos/krb5kdc/kdc.conf

Here: /etc/hosts

    169.254.xx.xx nfsserver.krbnfs.net krbnfs.net
    169.254.xx.xx nfsclient.krbnfs.net

Note: If I use the same IP without Kerberos then mount works fine.

/var/kerberos/krb5kdc/kdc.conf

    [kdcdefaults]
     v4_mode = nopreauth
     kdc_tcp_ports = 88

    [realms]
     KRBNFS.NET = {
      #master_key_type = des3-hmac-sha1
      acl_file = /var/kerberos/krb5kdc/kadm5.acl
      dict_file = /usr/share/dict/words
      admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
      supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-c
     }

/var/kerberos/krb5kdc/kadm5.acl

    root/admin@KRBNFS.NET *

hostname Machine Name : Centos-5

cat /etc/resolv.conf

    search localdomain
    nameserver 127.0.0.1

Kernel modules installed

    rpcsec_gss_krb5  41480  0
    auth_rpcgss      75296  2 rpcsec_gss_krb5,nfsd
    sunrpc          176968 15 rpcsec_gss_krb5,nfsd,nfs_acl,auth_rpcgss,lockd

Added Principal root/admin@KRBNFS.NET nfs/nfsserver.krbnfs.net nfs/nfsclient.krbnfs.net

kinit to root/admin

ktadd to root/admin@KRBNFS.NET, nfs/nfsserver.krbnfs.net, nfs/nfsclient.krbnfs.net

/usr/kerberos/bin/klist

    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: root/admin@KRBNFS.NET

    Valid starting     Expires            Service principal
    01/20/07 23:43:58  01/21/07 23:43:58  krbtgt/KRBNFS.NET@KRBNFS.NET

    Kerberos 4 ticket cache: /tmp/tkt0
    klist: You have no tickets cached

On the NFS client side, installed rpc.gssd and the kernel modules. Set up the keytab file similar to that on the server.

hostname localhost

In the /etc/exports

    /test nfsclient.krbnfs.net(rw,insecure,no_root_squash,async,sec=krb5)

On trying mount getting error as:

    [root@localhost(5) ~]# mount -vvvv -t nfs -o sec=krb5,rw nfsserver.krbnfs.net:/test /mpc_tst
    mount: trying 169.254.2.254 prog 100003 vers 3 prot tcp port 2049
    mount: trying 169.254.2.254 prog 100005 vers 3 prot udp port 32767
    mount.nfs: Permission denied
    [root@localhost(5) ~]#

If you need more info to help me, kindly post. I can share more details. Also, I need help on whether the NFS v3 Kerberos configuration is OK.

BRAJU
  • CentOS 5 is EOL. Upgrade to something newer. – Sven Dec 18 '18 at 10:17
  • The product is operational and hence we cannot upgrade the operating system. But by looking at the configuration, can you suggest some solution? Kindly note, I do not have a DNS setup. – BRAJU Dec 18 '18 at 11:29
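
An added example, not part of the original question or its comments: a small Python audit that parses krb5.conf-style settings and an /etc/exports line like those quoted above, then lists the security-relevant options it finds (the weak-crypto switch, enctypes deprecated by RFC 6649 and RFC 8429, and export options). The sample text is constructed from the question's values, and the function names are this example's own.

```python
import re

# Constructed sample input: settings copied from the configuration quoted in the question.
KRB5 = """[libdefaults]
 allow_weak_crypto = true
[realms]
 KRBNFS.NET = {
  supported_enctypes = aes256-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-cbc-crc:normal
 }
"""
EXPORTS = "/test nfsclient.krbnfs.net(rw,insecure,no_root_squash,async,sec=krb5)\n"

# Enctype families deprecated for Kerberos by RFC 6649 (DES) and RFC 8429 (3DES, RC4).
DEPRECATED = ("des-", "des3-", "arcfour-")
EXPORT_NOTES = {
    "insecure": "accepts requests from unprivileged source ports",
    "no_root_squash": "client root is not mapped to the anonymous uid",
    "sec=krb5": "authentication only; krb5i adds integrity, krb5p adds encryption",
}

def parse_krb5(text):
    """Return {(section, key): value}; keys inside { } blocks keep their section."""
    out, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := re.fullmatch(r"\[(\w+)\]", line):
            section = m.group(1)
        elif (m := re.fullmatch(r"([^=\s]+)\s*=\s*(.+)", line)) and m.group(2) != "{":
            out[(section, m.group(1))] = m.group(2)
    return out

def audit_krb5(text):
    conf, findings = parse_krb5(text), []
    if conf.get(("libdefaults", "allow_weak_crypto"), "false").lower() in ("true", "yes", "1"):
        findings.append("allow_weak_crypto enabled")
    for (_, key), value in conf.items():
        if key.endswith("enctypes"):  # supported_enctypes, default_tkt_enctypes, ...
            findings += [f"deprecated enctype {e.split(':')[0]}"
                         for e in value.split() if e.startswith(DEPRECATED)]
    return findings

def audit_exports(text):
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # fields[0] is the path, the rest are clients
        for client in fields[1:]:
            m = re.fullmatch(r"([^()]*)\((.*)\)", client)
            for opt in (m.group(2).split(",") if m else []):
                if opt in EXPORT_NOTES:
                    findings.append(f"{fields[0]} {m.group(1)}: {opt} ({EXPORT_NOTES[opt]})")
    return findings
```

Call `audit_krb5()` and `audit_exports()` on the contents of the real files to get the same list for a live host.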

0 Answers