williamwlk
Flight Engineer Flight Engineer
Flight Engineer
  • 1,104 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

Hi @magoyal

<Quote>

got the solution, need to do entry in /etc/sysconfig/nfs RPCNFSDARGS="-V 4.2" .

</Unquote>

I'm sorry to be the bearer of bad news but I am pretty sure that is not the root cause or solution of your issue and that has nothing to do with your "Access Denied" Stuff. 

What this [ RPCNFSDARGS="-V 4.2"  ] does is it gives you a facility to export SELinux Labels along with other features. What it essentially means it that with or without it, your nfs mount should work.

Per experience, with kerberos, both your server and desktop should be in sync in terms of time reference aka ntp should be enabled and in sync in both the server and desktop.  (#timedatectl should give you (NTP enabled: yes).

I'd strongly suggest you please re-evaluate your answer and solution and your lab again. 

The following step you did made me wonder why you did what you did.

<Quote>

server side

1:- firewall-cmd --add-port=0-65535/tcp --permanent

</Unquote>

It is not a wise move, you know. What you did is half the equivalent of 

# systemctl stop firewalld.service
  

For your case (nfsv4), all you have to do is :

# firewall-cmd --add-service=nfs --permanent

# firewall-cmd --reload

 

In addition, what @LesCorbett suggested you to temprorabily make SELinux "permissive" is to try and see if your issue has anything to do with SELinux and to do  a dirty quick check.

Hope this helps.

Regards,
Will

Reply
Loading...
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 1,088 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

Hi @williamwlk

both my system time is syncing with ntp server, sellinux is in permissive mode,,

# firewall-cmd --add-service=nfs --permanent

# firewall-cmd --reload

also this time i didn't make any changes in conf file of nfs. still while mounting i am getting error "access denied while mounting"

0 Kudos
Reply
Loading...
williamwlk
Flight Engineer Flight Engineer
Flight Engineer
  • 1,086 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

Hi @magoyal

From the desktop, can you do this?

# mount -t nfs -o sec=krb5p serverX:/ /mnt/yourmountpoint

If successful, please let me know the ls -al outpout under /mnt/yourmountpoint.

This is to probe the exported filesystems in nfsv4 style.

From the server, can you do this while you are attempting to do the above?

# tail -f /var/log/messages

And give me the output.

And last but not least, if you are doing a lab, you should do some lab setup such as:

# lab nfskrb5 setup

This wil install the ldap/kerberos backend/frontend etc.

Thanks and regards,
Will

 

0 Kudos
Reply
Loading...
magoyal
Flight Engineer Flight Engineer
Flight Engineer
  • 1,078 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

Hi @williamwlk

i am using the RHCE online Lab. with same setup i.e lab nfskrb5 setup.

I am performing this using lab excercise provided in the course content. but still facing this issue. sometime it get mouted perfectly and some time it give me error "access denied while mounting." 

0 Kudos
Reply
Loading...
williamwlk
Flight Engineer Flight Engineer
Flight Engineer
  • 1,076 Views

Re: access denied while mounting nfs with krb5p

Jump to solution

Hi @magoyal

I guessed it too re your online lab environment and It is of paramount importance that you follow the lab or guided exercises instructions precisely. 

I have a sneaky feeling that you did not per the steps you mentioned in your original post.

If so mentioned, you should full reset your server and desktop. 

You need a controlled environment to meet your lab or learning objective. 

What I wanted to point out was that you need to know the objectives vs the actual outcomes of your actions around your lab.

I can help you through this difficult time if you are patient and determined.

Regards,
Will

 

0 Kudos
Reply
Loading...
Join the discussion
You must log in to join this conversation.