nfsv4 fails with kerberos
Rick Macklem
rmacklem at uoguelph.ca
Sat Sep 7 11:50:08 UTC 2013
Martin Laabs wrote:
> Hi,
>
> I set up a nfsv4 server with kerberos but when starting the nfs server
> on the arm (RBI-B) board I get the following error message and the
> first (managing part) of the nfs exits:
>
> "nfsd: can't register svc name"
>
> This error message is produced by the following code in
> /usr/src/sys/fs/nfsserver/nfs_nfsdkrpc.c:
>
>
> ==================:<=======================
>     /* An empty string implies AUTH_SYS only. */
>     if (principal[0] != '\0') {
>         ret2 = rpc_gss_set_svc_name_call(principal,
>             "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER2);
>         ret3 = rpc_gss_set_svc_name_call(principal,
>             "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER3);
>         ret4 = rpc_gss_set_svc_name_call(principal,
>             "kerberosv5", GSS_C_INDEFINITE, NFS_PROG, NFS_VER4);
>
>         if (!ret2 || !ret3 || !ret4)
>             printf("nfsd: can't register svc name\n");
> ==================:<=======================
>
> So something went wrong with the principals. Is there a way to get
> more information or more verbose debugging output from the nfs-server
> part of the kernel?
>
The above message normally indicates that the gssd daemon isn't running.
Here's a few places you can get info:
man nfsv4, gssd
http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
- This was done quite a while ago and I should go in and update it,
  but I think it is still mostly correct for server side. (The client
  in head/10 now does have "host based initiator cred" support.)
  Feel free to update it. All you should need to do so is a Google
  login.

You need a service principal for "nfs", which means an entry for a
principal that looks like:
  nfs/<server-hostname>.<dns-domain>@<DEFAULT-REALM>
(Stuff in "<>" needs to be filled in with the answer for your machine.)
in /etc/krb5.keytab in the server.
rick
> Thank you,
> Martin Laabs
>
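Added example, not part of the original message or of FreeBSD's own code: a shell check for the two things the reply points at, a running gssd and an nfs/<server-hostname>.<dns-domain>@<DEFAULT-REALM> entry in the server's keytab. The function names, the host server.example.org, the realm EXAMPLE.ORG and the sample listing are constructed assumptions; the listing is shaped like the output of Heimdal's `ktutil -k /etc/krb5.keytab list`.

```shell
#!/bin/sh
# Added example; function names, host and realm are hypothetical.
# Live use on the NFS server (Heimdal ktutil):
#   gssd_running || echo "gssd is not running"
#   ktutil -k /etc/krb5.keytab list | check_nfs_principal "$(hostname)" YOUR.REALM

# Constructed sample of a keytab listing; not taken from a real host.
SAMPLE_KEYTAB_LIST='/etc/krb5.keytab:

Vno  Type                     Principal
  1  aes256-cts-hmac-sha1-96  host/server.example.org@EXAMPLE.ORG
  1  aes256-cts-hmac-sha1-96  nfs/server.example.org@EXAMPLE.ORG'

# Returns 0 if a process named exactly "gssd" exists.
gssd_running() {
    pgrep -x gssd >/dev/null 2>&1
}

# check_nfs_principal FQDN REALM   (keytab listing on stdin)
# Returns 0 if nfs/FQDN@REALM is listed,
#         1 if no nfs/ principal is listed at all,
#         2 if nfs/ principals exist but none matches FQDN and REALM
#           (for example a short hostname or a different realm).
check_nfs_principal() {
    awk -v want="nfs/$1@$2" '
        {
            # The principal column position varies, so scan every field.
            for (i = 1; i <= NF; i++) {
                if ($i == want)
                    exact = 1
                else if ($i ~ /^nfs\/[^@]+@[^@]+$/)
                    other = 1
            }
        }
        END { exit (exact ? 0 : (other ? 2 : 1)) }'
}
```

A return of 2 is the case worth looking at first when gssd is running but registration still fails: the keytab has an nfs/ entry, just not one for the fully qualified name and realm the server uses.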