# NFS (v3) with Kerberos + Fileaccess = Permission denied



## dhaag (Apr 25, 2013)

Hello,

I'm actually trying to mount a share from FreeBSD 9.1 on another system with FreeBSD 9.1 as client.
I have configured NFS (v3) with Kerberos and am trying to mount /home from the server system.
I'm also trying to mount with Ubuntu 12.04, by the way.


Kerberos with NFSv3 (Server and Client) is basically working fine.
My /etc/exports looks like this:

```
root@kerberos:/root # cat /etc/exports
/ -alldirs -sec=krb5:krb5i:krb5p
```

One strange thing is that when I put two lines in NFSv3 format in the exports file, only the first one is recognized.

```
root@kerberos:/root # cat /etc/exports
/tmp/from -sec=krb5:krb5i:krb5p
/home/dhaag -sec=krb5:krb5i:krb5p
```
Mounting with two lines in exports file on FreeBSD client:

```
[root@dhaag ~]# mount -t nfs -o nfsv3,sec=krb5 kerberos:/home/dhaag /mnt/from/
[tcp] kerberos:/home/dhaag: Permission denied
```
At this point the command blocks and nothing happens. I have to abort it with CTRL-C. No messages in /var/log/messages.


With only one line in the exports file, I can mount the shares on my FreeBSD client system with the following command:
`mount -t nfs -o nfsv3,sec=krb5 kerberos:/home/dhaag /mnt/from/`
and on Ubuntu with this command:
`mount.nfs kerberos:/home/dhaag /mnt/ -v -o sec=krb5p,vers=3`

After mounting I am able to list all files in the mountpoint or cd to the path. I also get both tickets from Kerberos:
Note: I have changed the domain name for privacy reasons.

```
[dhaag@dhaag ~]$ kinit
dhaag@EXAMPLE.COM's Password: 
[dhaag@dhaag ~]$ klist
Credentials cache: FILE:/tmp/krb5cc_1002
        Principal: dhaag@EXAMPLE.COM

  Issued           Expires          Principal
Apr 25 08:48:36  Apr 25 18:47:27  krbtgt/EXAMPLE.COM@EXAMPLE.COM
Apr 25 08:49:10  Apr 25 18:47:27  nfs/kerberos.example.com@EXAMPLE.COM
```

The uid and gid (the same on server and client) and all rights look great:

```
[dhaag@dhaag ~]$ ls -lh /mnt/from/
total 8
drwxr-xr-x  2 dhaag  verlag   512B Apr 25 08:42 test
[dhaag@dhaag ~]$ cd /mnt/from/ 
[dhaag@dhaag /mnt/from]$
```

The problem happens when I try to write to the files in the mountpoint (FreeBSD client):

```
[dhaag@dhaag /mnt/from]$ mv test test2
mv: rename test to test2: Permission denied
[dhaag@dhaag /mnt/from]$ touch foo
touch: foo: Permission denied
[dhaag@dhaag /mnt/from]$ rmdir test
rmdir: test: Permission denied
[dhaag@dhaag /mnt/from]$
```

Same on Ubuntu 12.04 client:

```
dhaag@dhaag2:/mnt$ mv test test2
mv: das Verschieben von »test“ nach »test2“ ist nicht möglich: Keine Berechtigung
dhaag@dhaag2:/mnt$ rmdir test
rmdir: konnte »test“ nicht entfernen: Keine Berechtigung
dhaag@dhaag2:/mnt$ touch foo
touch: »foo“ kann nicht berührt werden: Keine Berechtigung
dhaag@dhaag2:/mnt$
```

There are no entries in /var/log/messages on either the server or the client. There is also no entry in the Ubuntu 12.04 client's /var/log/syslog.


I'm running out of ideas where to look next.

Maybe one of you has a hint for me; this would be great.

Thanks for your effort/help.

dhaag


----------

