Unable to mount kerberized nfs?

Ahmad Moawad asked:

I want to configure kerberized nfs, and export /data/books
I have 3 servers: ipa, server, client
I configured ipa and added nfs service.
My Steps are:

  • In ipa:

    ipa service-show nfs/server.linux.rhce.com
    ipa-getkeytab -s ipa.linux.rhce.com -p nfs/server.linux.rhce.com  -k /etc/krb5.keytab
  • In server:

    scp ipa:/etc/krb5.keytab /etc/krb5.keytab
    semanage fcontext -a -t krb5_keytab_t /etc/krb5.keytab
    restorecon -R /etc/krb5.keytab 
    systemctl start nfs-server
    firewall-cmd --permanent --add-service=nfs
    firewall-cmd --permanent --add-service=mountd
    firewall-cmd --permanent --add-service=rpc-bind
    firewall-cmd --reload

    And in /etc/exports

    /data/books   *(sec=krb5p,rw,no_root_squash)
  • In cleint:

    scp ipa:/etc/krb5.keytab /etc/krb5.keytab
    semanage fcontext -a -t krb5_keytab_t /etc/krb5.keytab
    restorecon -R /etc/krb5.keytab

    When I tried to mount the /book/data on the client

    mount -o sec=krb5 server:/data/books /mnt

    I got this message:

    mount.nfs: an incorrect mount option was specified

Any help!

My answer:

In /etc/exports you specified sec=krb5p, so that all traffic will be authenticated and encrypted.

But in your mount command, you specified sec=krb5, but this does not match. This must be the same as the option given in /etc/exports.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.