magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 3,444 Views

access denied while mounting nfs with krb5p

Jump to solution

Hi Team, when i am trying to setup nfs server with krb5p then it gives me error "access denied while mounting server1:/nfs"

steps that i have done:-

server side

1:- firewall-cmd --add-port=0-65535/tcp --permanent

2: -firewall-cmd --reload

3:- yum install nfs* -y

4:- systemctl restart/enable nfs-server

5:- downlaoded the krb5.keytab in /etc

6:- systemctl restart/enable nfs-secure-server

7:- done entry in /etc/exports  eg: /nfs   desktop1(rw,sec=krb5p)

8:- exportfs -avf

at client

mkdir /mnt/nfs

yum install nfs*

download the krb5.keytab in /etc

systemctl restart/enable nfs-secure

mount -o sec=krb5p server1:/nfs /mnt/nfs

 

then it gives me error 

access denied while mounting

 

what can be the reason

 

0 Kudos
1 Solution

Accepted Solutions
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 3,369 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

got the solution, need to do entry in /etc/sysconfig/nfs RPCNFSDARGS="-V 4.2" .

View solution in original post

0 Kudos
Reply
Loading...
14 Replies
Scott
Starfighter Starfighter
Starfighter
  • 3,436 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

I would suggest validating the keytab.  Often, I see students using the wrong option and as a result they save the "OUTPUT" of wget to the file, rather than downloading the keytab file as an output.  Specifically, they confuse -o with -O, be sure to use the right one.

-STM

--
Principle Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
Reply
Loading...
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 3,434 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

i used -O only eg:- wget -O /etc/krb5.keytab www.xyz.com/server1.keytabs

0 Kudos
Reply
Loading...
Scott
Starfighter Starfighter
Starfighter
  • 3,432 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

Anything more descriptive in one of the logs like /var/log/messages or /var/log/secure?  that may direct your search further.

-STM

--
Principle Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
Reply
Loading...
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 3,422 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

i am using this in RedHat online lab .

 

0 Kudos
Reply
Loading...
Scott
Starfighter Starfighter
Starfighter
  • 3,409 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

That doesn't change my suggestion of next steps.

-STM

--
Principle Technical Marketing Manager, Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
Reply
Loading...
Traxtopel
Flight Engineer Flight Engineer
Flight Engineer
  • 3,405 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

Did you perform a restorecon on that file?

0 Kudos
Reply
Loading...
LesCorbett
Cadet
Cadet
  • 3,380 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

I agree with Traxtopel's line of thinking. disable selinux to see if there's a context issue.

1. check if selinux is enforcing

# getenforce

# Enforcing

2. if so, temporarily disable

# setenforce 0

#getenforce

# Permissive

then try again

0 Kudos
Reply
Loading...
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 3,375 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

if I do this in permissive mode. then what is the meaning of security.  while doing setup of nfs with krb5p  i run this command also setsebool -P nfs_export_all_rw=1

0 Kudos
Reply
Loading...
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 3,370 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

got the solution, need to do entry in /etc/sysconfig/nfs RPCNFSDARGS="-V 4.2" .

View solution in original post

0 Kudos
Reply
Loading...
Join the discussion
You must log in to join this conversation.