我正在尝试安装 krb5p NFS 导出。为此,我遵循了这些说明。
线路输入/etc/exports:
/home/users 192.168.1.0/24(rw,sec=krb5p,no_subtree_check,nohide,async,anonuid=65534,anongid=65534)
当我尝试在客户端上安装时,我得到:
root@client:/home# mount -t nfs4 -o sec=krb5p server:/home/users /home/users/ -vvv
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "server:/home/users"
mount: node: "/home/users/"
mount: types: "nfs4"
mount: opts: "sec=krb5p"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "server:/home/users"
mount: external mount: argv[2] = "/home/users/"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5p"
mount.nfs4: timeout set for Sun May 12 14:46:22 2013
mount.nfs4: trying text-based options 'sec=krb5p,addr=192.168.1.2,clientaddr=192.168.1.82'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting server:/home/users
然而,在服务器上我找不到任何相关的日志条目或任何说明访问被拒绝的原因的信息。
当将安全性从 更改krb5p为sys安装时,工作正常。
kinit但是对于 Kerberos 来说等等都可以正常工作。
我如何才能找出拒绝访问的原因?或者你知道我在这里做错了什么吗?
答案1
/etc/default/nfs-kernel-server通过编辑和添加如下-s选项,我能够在服务器上获取一些更有意义的消息:rpc.nfsd
# Options for rpc.nfsd.
RPCNFSDOPTS="-s"
当尝试进行安装时,它给了我以下输出:
May 12 19:59:48 server krb5kdc[2704]: AS_REQ (4 etypes {18 17 16 23}) 192.168.1.62: NEEDED_PREAUTH: nfs/client.localdomain@REALM for krbtgt/REALM@REALM, Additional pre-authentication required
May 12 19:59:48 server krb5kdc[2704]: preauth (encrypted_timestamp) verify failure: Decrypt integrity check failed
May 12 19:59:48 server krb5kdc[2704]: AS_REQ (4 etypes {18 17 16 23}) 192.168.1.62: PREAUTH_FAILED: nfs/client.localdomain@REALM for krbtgt/REALM@REALM, Decrypt integrity check failed
不确定这是否真的对我有帮助,但这是前进了一步。