cancel
Showing results for 
Search instead for 
Did you mean: 
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 7,926 Views

access denied while mounting nfs with krb5p

Jump to solution

Hi Team, when i am trying to setup nfs server with krb5p then it gives me error "access denied while mounting server1:/nfs"

steps that i have done:-

server side

1:- firewall-cmd --add-port=0-65535/tcp --permanent

2: -firewall-cmd --reload

3:- yum install nfs* -y

4:- systemctl restart/enable nfs-server

5:- downlaoded the krb5.keytab in /etc

6:- systemctl restart/enable nfs-secure-server

7:- done entry in /etc/exports  eg: /nfs   desktop1(rw,sec=krb5p)

8:- exportfs -avf

at client

mkdir /mnt/nfs

yum install nfs*

download the krb5.keytab in /etc

systemctl restart/enable nfs-secure

mount -o sec=krb5p server1:/nfs /mnt/nfs

 

then it gives me error 

access denied while mounting

 

what can be the reason

 

0 Kudos
1 Solution

Accepted Solutions
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 6,834 Views

got the solution, need to do entry in /etc/sysconfig/nfs RPCNFSDARGS="-V 4.2" .

View solution in original post

0 Kudos
14 Replies
Scott
Starfighter Starfighter
Starfighter
  • 6,901 Views

I would suggest validating the keytab.  Often, I see students using the wrong option and as a result they save the "OUTPUT" of wget to the file, rather than downloading the keytab file as an output.  Specifically, they confuse -o with -O, be sure to use the right one.

-STM

--
Manager, Technical Marketing
Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 6,899 Views

i used -O only eg:- wget -O /etc/krb5.keytab www.xyz.com/server1.keytabs

0 Kudos
Scott
Starfighter Starfighter
Starfighter
  • 6,897 Views

Anything more descriptive in one of the logs like /var/log/messages or /var/log/secure?  that may direct your search further.

-STM

--
Manager, Technical Marketing
Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 6,887 Views

i am using this in RedHat online lab .

 

0 Kudos
Scott
Starfighter Starfighter
Starfighter
  • 6,874 Views

That doesn't change my suggestion of next steps.

-STM

--
Manager, Technical Marketing
Red Hat Enterprise Linux
Red Hat Certified Engineer (100-000-264)
0 Kudos
Traxtopel
Flight Engineer Flight Engineer
Flight Engineer
  • 6,870 Views

Did you perform a restorecon on that file?

0 Kudos
  • 6,845 Views

I agree with Traxtopel's line of thinking. disable selinux to see if there's a context issue.

1. check if selinux is enforcing

# getenforce

# Enforcing

2. if so, temporarily disable

# setenforce 0

#getenforce

# Permissive

then try again

0 Kudos
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 6,840 Views

if I do this in permissive mode. then what is the meaning of security.  while doing setup of nfs with krb5p  i run this command also setsebool -P nfs_export_all_rw=1

0 Kudos
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 6,835 Views

got the solution, need to do entry in /etc/sysconfig/nfs RPCNFSDARGS="-V 4.2" .

0 Kudos
Join the discussion
You must log in to join this conversation.