# Kerberos NFSv4, ser. gentoo (mit), cli. Arch (heim),

## maxime1986

Hello

I am trying to configure NFSv4 with Kerberos.

NFSv4 alone works well.

I followed the Gentoo wiki and the Ubuntu NFSv4Howto.

Here is my configuration:

I only have 1 client and 1 server (same machine for nfs and kdc) without DNS (a simple LAN).

######## On the server :

/etc/krb5.conf :

```
[libdefaults]
   default_realm = NFSDOMAIN

[realms]
   NFSDOMAIN = {
      admin_server = max-server.nfsdomain
      default_domain = nfsdomain
      kdc = max-server.nfsdomain
   }

[domain_realm]
   .nfsdomain = NFSDOMAIN
   nfsdomain = NFSDOMAIN

[login]
   krb4_convert = false
   krb4_get_tickets = false

[logging]
   kdc = SYSLOG:INFO:DAEMON
   admin_server = SYSLOG:INFO:DAEMON
   default = SYSLOG:INFO:DAEMON
```

/etc/kdc.conf

```
[kdcdefaults]
   kdc_ports = 750,88

[realms]
   NFSDOMAIN = {
      database_name = /var/lib/krb5kdc/principal
      admin_keytab = FILE:/var/lib/krb5kdc/kadm5.keytab
      acl_file = /var/lib/krb5kdc/kadm5.acl
      key_stash_file = /var/lib/krb5kdc/.k5.NFSDOMAIN
      kdc_ports = 750,88
      max_life = 10h 0m 0s
      max_renewable_life = 7d 0h 0m 0s
   }
```

/var/lib/krb5kdc/kadm5.acl

```
*/admin@NFSDOMAIN *
```

top of the /etc/hosts

```
192.168.4.52   max-server.nfsdomain
192.168.4.53   max-laptop.nfsdomain
```

/etc/exports

```
/home/max gss/krb5(rw,async,fsid=0,no_root_squash,no_subtree_check)
```

mit-krb5kadmind and mit-krb5kdc are started, and the firewall is deactivated (for the test).

######## On the client :

/etc/krb5.conf is the same as on the server

top of the /etc/hosts

```
192.168.4.52    max-server.nfsdomain
192.168.4.53    max-laptop.nfsdomain
```

The firewall is deactivated (for the test).

###########

But when I launch this on the client:

```
sudo mount -tnfs4 -osec=krb5 max-server.nfsdomain:/ /home/max/server
```

dmesg says:

```
RPC: AUTH_GSS upcall timed out.
Please check user daemon is running.
```

dmesg says nothing on the server.

Note: the client is an Arch Linux machine with the Heimdal implementation of Kerberos (but I think it's not important because it's NFS that is the Kerberos client...)

The server is a Gentoo (with CONFIG_RPCSEC_GSS_KRB5=y).

I am not a security expert and I don't know what's wrong with my configuration...

Could you help me, please?

Thank you in advance.

PS: sorry for my bad English.

Last edited by maxime1986 on Wed Oct 28, 2009 2:29 am; edited 1 time in total

----------

## gerdesj

I'm not an expert but this: http://linux-nfs.org/pipermail/nfsv4/2006-October/005197.html mentions quite a few things to look into.

Cheers

Jon

----------
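The `RPC: AUTH_GSS upcall timed out` message in the opening post asks whether the user daemon is running; on an NFS client that daemon is `rpc.gssd`. The script below is an added example, not part of the thread, that checks the client-side prerequisites of a `sec=krb5` mount from captured command output. The function name, the sample data and the `nfs/max-laptop.nfsdomain@NFSDOMAIN` principal are assumptions built from the names in the post.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are text captured on the client,
# passed as strings so the check also works on saved output:
#   $1 = output of `ps -e -o comm=`
#   $2 = contents of /proc/mounts
#   $3 = keytab listing (MIT `klist -k` or Heimdal `ktutil list`)
#   $4 = machine principal expected in the keytab (assumed name, see below)
# Prints one line per missing prerequisite; returns 0 only if none is missing.
gss_client_check() {
    problems=0
    # The kernel hands GSS context setup to rpc.gssd; with no daemon
    # answering the upcall, the request times out.
    if ! printf '%s\n' "$1" | grep -qx 'rpc\.gssd'; then
        echo "rpc.gssd is not running"
        problems=$((problems + 1))
    fi
    # rpc.gssd talks to the kernel through files under the rpc_pipefs mount.
    if ! printf '%s\n' "$2" | awk '$3 == "rpc_pipefs" { ok = 1 } END { exit !ok }'; then
        echo "rpc_pipefs is not mounted"
        problems=$((problems + 1))
    fi
    # A mount done by root uses machine credentials taken from the keytab.
    if ! printf '%s\n' "$3" | grep -qF -- "$4"; then
        echo "keytab has no entry for $4"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample data: a client with no rpc.gssd and an empty keytab.
SAMPLE_PS='init
sshd
rpcbind
rpc.idmapd'
SAMPLE_MOUNTS='proc /proc proc rw 0 0
sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0'
SAMPLE_KEYTAB=''
# Assumed principal: nfs/<client fqdn>@<realm>, using the names from the post.
PRINCIPAL='nfs/max-laptop.nfsdomain@NFSDOMAIN'

gss_client_check "$SAMPLE_PS" "$SAMPLE_MOUNTS" "$SAMPLE_KEYTAB" "$PRINCIPAL" || true
```

On a live client, pass `"$(ps -e -o comm=)"`, `"$(cat /proc/mounts)"` and the keytab listing in place of the sample variables.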

