magoyal

access denied while mounting nfs with krb5p

Hi Team, when I am trying to set up an NFS server with krb5p, it gives me the error "access denied while mounting server1:/nfs".

Steps that I have done:

server side

1:- firewall-cmd --add-port=0-65535/tcp --permanent

2:- firewall-cmd --reload

3:- yum install nfs* -y

4:- systemctl restart/enable nfs-server

5:- downloaded the krb5.keytab in /etc

6:- systemctl restart/enable nfs-secure-server

7:- done entry in /etc/exports  eg: /nfs   desktop1(rw,sec=krb5p)

8:- exportfs -avf

at client

mkdir /mnt/nfs

yum install nfs*

download the krb5.keytab in /etc

systemctl restart/enable nfs-secure

mount -o sec=krb5p server1:/nfs /mnt/nfs

 

then it gives me error 

access denied while mounting

 

what can be the reason

 

williamwlk

Hi @magoyal

<Quote>

got the solution, need to do entry in /etc/sysconfig/nfs RPCNFSDARGS="-V 4.2" .

</Unquote>

I'm sorry to be the bearer of bad news but I am pretty sure that is not the root cause or solution of your issue and that has nothing to do with your "Access Denied" Stuff. 

What this [ RPCNFSDARGS="-V 4.2" ] does is give you a facility to export SELinux labels along with other features. What it essentially means is that with or without it, your nfs mount should work.

Per experience, with Kerberos, both your server and desktop should be in sync in terms of time reference, aka NTP should be enabled and in sync on both the server and desktop (# timedatectl should give you "NTP enabled: yes").

I'd strongly suggest you please re-evaluate your answer and solution and your lab again. 

The following step you did made me wonder why you did what you did.

<Quote>

server side

1:- firewall-cmd --add-port=0-65535/tcp --permanent

</Unquote>

It is not a wise move, you know. What you did is half the equivalent of 

# systemctl stop firewalld.service
  

For your case (nfsv4), all you have to do is :

# firewall-cmd --add-service=nfs --permanent

# firewall-cmd --reload

 

In addition, what @LesCorbett suggested, temporarily making SELinux "permissive", is to try and see if your issue has anything to do with SELinux and to do a dirty quick check.

Hope this helps.

Regards,
Will
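
The points raised in this reply (a port range that all but disables the firewall, and time sync for Kerberos) together with a keytab check, as an added example that is not part of the thread. The function names, the 1024-port threshold, the example.com domain and the EXAMPLE.COM realm are assumptions; the server needing an nfs/<fqdn> key in its keytab is a general requirement of Kerberized NFS, not something stated in the thread.

```shell
#!/bin/sh
# Added example: offline preflight checks for a sec=krb5p NFS mount.
# Each function takes command output as text; all sample data is constructed.

# Print firewalld port entries spanning 1024+ ports (threshold is an assumption).
# $1: output of `firewall-cmd --list-ports`
wide_port_ranges() {
    for entry in $1; do
        range=${entry%/*}
        case $range in
            *-*) if [ $(( ${range#*-} - ${range%-*} )) -ge 1024 ]; then
                     echo "$entry"
                 fi ;;
        esac
    done
}

# Succeed if the keytab listing holds <service>/<fqdn>@REALM.
# $1: output of `klist -k /etc/krb5.keytab`, $2: service, $3: fqdn
has_principal() {
    printf '%s\n' "$1" | grep -qF " $2/$3@"
}

# Succeed only if the clock is reported as synchronized, not merely NTP-enabled.
# $1: output of `timedatectl` (older and newer systemd wording both matched)
clock_synced() {
    printf '%s\n' "$1" | grep -Eq '(NTP synchronized|System clock synchronized): yes'
}

# Constructed samples (hostname follows the thread; domain and realm are made up).
SAMPLE_PORTS='0-65535/tcp 2049/tcp'
SAMPLE_KEYTAB='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------
   3 host/server1.example.com@EXAMPLE.COM
   3 nfs/server1.example.com@EXAMPLE.COM'
SAMPLE_TIME='     NTP enabled: yes
NTP synchronized: no'

preflight() {   # $1 ports, $2 keytab listing, $3 server fqdn, $4 timedatectl output
    rc=0
    bad=$(wide_port_ranges "$1")
    if [ -n "$bad" ]; then echo "WARN overly broad firewall rule: $bad"; rc=1; fi
    has_principal "$2" nfs "$3" || { echo "FAIL no nfs/$3 key in keytab"; rc=1; }
    clock_synced "$4" || { echo "FAIL clock not reported as synchronized"; rc=1; }
    return $rc
}

preflight "$SAMPLE_PORTS" "$SAMPLE_KEYTAB" server1.example.com "$SAMPLE_TIME" || true
```

On a real host, pass the live output instead of the samples, for example `preflight "$(firewall-cmd --list-ports)" "$(klist -k /etc/krb5.keytab)" "$(hostname -f)" "$(timedatectl)"`.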

magoyal

Hi @williamwlk

Both my systems' time is syncing with the NTP server, and SELinux is in permissive mode.

# firewall-cmd --add-service=nfs --permanent

# firewall-cmd --reload

Also, this time I didn't make any changes in the conf file of nfs. Still, while mounting I am getting the error "access denied while mounting".

williamwlk

Hi @magoyal

From the desktop, can you do this?

# mount -t nfs -o sec=krb5p serverX:/ /mnt/yourmountpoint

If successful, please let me know the ls -al output under /mnt/yourmountpoint.

This is to probe the exported filesystems in nfsv4 style.

From the server, can you do this while you are attempting to do the above?

# tail -f /var/log/messages

And give me the output.

And last but not least, if you are doing a lab, you should do some lab setup such as:

# lab nfskrb5 setup

This will install the ldap/kerberos backend/frontend etc.

Thanks and regards,
Will

 

magoyal

Hi @williamwlk

I am using the RHCE online lab, with the same setup, i.e. lab nfskrb5 setup.

I am performing this using the lab exercise provided in the course content, but I am still facing this issue. Sometimes it gets mounted perfectly and sometimes it gives me the error "access denied while mounting."

williamwlk

Hi @magoyal

I guessed it too re your online lab environment, and it is of paramount importance that you follow the lab or guided exercise instructions precisely.

I have a sneaky feeling that you did not, per the steps you mentioned in your original post.

If so mentioned, you should fully reset your server and desktop.

You need a controlled environment to meet your lab or learning objective. 

What I wanted to point out was that you need to know the objectives vs the actual outcomes of your actions around your lab.

I can help you through this difficult time if you are patient and determined.

Regards,
Will

 
