> I'm trying to setup a nfs server which uses the kerberized rpc
> header, so to overcome the problem with 16 groups:
>
> http://www.mail-archive.com/freebsd-stable@freebsd.org/msg109809.html
>
>
> FreeBSD 8 amd64 stable last (yesterday)
>
> Following the man page for nfsv4 I have compiled the kernel with
> -----
> options KGSSAPI
> device crypto
> -----
>
> My files:
>
>
> /etc/exports
> -----
> V4: /mydir -sec=krb5:krb5i:krb5p -network 192.168.0 -mask
> 255.255.255.0
You also need an entry for the file system ("/mydir" ??) like:
/mydir -sec=krb5:krb5i:krb5p -network 192.168.0.0 -mask 255.255.255.0
(The V4: line only sets where the NFSv4 root is, it does not
actually export the file system, so something like the above line
is needed as well.)
>
> /etc/rc.conf
> -----
> ...
> nfs_server_enable="YES"
> nfsv4_server_enable="YES"
> nfsuserd_enable="YES"
> gssd_enable="YES"
> ...
> -----
>
> All daemons start ok, but in the logs I see:
> nfsd[...]: no gssd, using AUTH_SYS only
>
> Even though gssd is up and running.
>
You need an entry in your default keytab file (/etc/krb5.keytab)
for the principal:
nfs/<server.domain>@<YOUR.REALM>
using encryption type des-cbc-crc.
If you don't have that, it might explain why it isn't working.
Check /var/log/messages for any indications that there is
a problem.
Also, you might want to look at
http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup
if you haven't done so already.
Good luck with it, rick
ps: Kerberized NFS works for NFSv3 as well.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
