Originally Posted by
matt_symes
Hi
i will not attempt to help you today as the only Internet access is my phone.
however I will be near a PC tomorrow so I will post more then as I have a working Kerberos, nfs, DNS, dhcp setup.
firstly though, identify if this is a Kerberos issue by removing the sec parameters from the exports file and trying to mount the nfs share after restarting the nfs kernel server service. Try remounting after a reboot if that does not work.
That'll identify a Kerberos issue or not. I'm using the MIT version of Kerberos.
kind regards
So I disabled Kerberos on the shares:
/etc/exports
before:
Code:
/export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)
/export/home *(rw,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5)
after:
Code:
/export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check)
/export/home *(rw,insecure,async,no_subtree_check)
/etc/default/nfs-common
before:
Code:
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".
# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=
# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
# when you have a port-based firewall. To use a fixed port, set this
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
STATDOPTS=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=yes
after:
Code:
# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".
# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=
# Options for rpc.statd.
# Should rpc.statd listen on a specific port? This is especially useful
# when you have a port-based firewall. To use a fixed port, set this
# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
# For more information, see rpc.statd(8) or http://wiki.debian.org/SecuringNFS
STATDOPTS=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=
/etc/default/nfs-kernel-server
before:
Code:
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0
# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
RPCMOUNTDOPTS="--manage-gids"
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD="yes"
# Options for rpc.svcgssd.
RPCSVCGSSDOPTS=""
# Options for rpc.nfsd.
RPCNFSDOPTS=""
after:
Code:
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0
# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
RPCMOUNTDOPTS="--manage-gids"
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD="no"
# Options for rpc.svcgssd.
RPCSVCGSSDOPTS=""
# Options for rpc.nfsd.
RPCNFSDOPTS=""
I rebooted the server and the test client. For consistency, I attempted login from the terminal, and the system again reported that no home directory was available. I stopped the autofs daemon and manually remounted the drive:
Code:
sudo service autofs stop
sudo mount -t nfs main1.test.local:/export/home home
It did take some time, but it mounted. At that point, I was able to login to another virtual terminal without issue, and subsequently I was able to login to the graphical prompt, with all files populating properly.
Bookmarks