[Freeipa-users] ipa-client-automount troubles

[Sami Hulkko via FreeIPA-users]

Hi,

I lately have tried to get the autofs working with bit of trouble. I 
have a following setup:

ipa-autofs:

default

- auto.master

  - <mount point at client>   auto.home

- auto.home

  -*    <path on server>/&

nfs-server:

<path to share> gss/krb5i(rw,sync,no_subtree_check,no_root_squash)

ipa:

service nfs/<server fqdn>

service nfs/<client fqdn>

and copied to server/client

all services running and if I (root): ls /<mountpoint of homes>/<user 
home folder>

it should mount but instead I get:

SSSD:

Sep 04 09:25:11 <host> krb5_child[41263]: Preauthentication failed

AUTOFS:

 >> mount.nfs: access denied by server while mounting <path>


On /var/log/sssd/krb5_child.log i get this:

   *  (2022-09-04  9:25:23): [krb5_child[41266]] [become_user] 
(0x0200): [RID#28] Trying to become user [925800000][925800000].

This is admin user at IPA. Not the user who's home folder we tried to 'ls'

   *  (2022-09-04  9:25:23): [krb5_child[41266]] [main] (0x2000): 
[RID#28] Running as [925800000][925800000].
   *  (2022-09-04  9:25:23): [krb5_child[41266]] [set_lifetime_options] 
(0x0100): [RID#28] No specific renewable lifetime requested.
   *  (2022-09-04  9:25:23): [krb5_child[41266]] [set_lifetime_options] 
(0x0100): [RID#28] No specific lifetime requested.
   *  (2022-09-04  9:25:23): [krb5_child[41266]] 
[set_canonicalize_option] (0x0100): [RID#28] Canonicalization is set to 
[true]
   *  (2022-09-04  9:25:23): [krb5_child[41266]] [main] (0x0400): 
[RID#28] Will perform auth
   *  (2022-09-04  9:25:23): [krb5_child[41266]] [main] (0x0400): 
[RID#28] Will perform online auth
   *  (2022-09-04  9:25:23): [krb5_child[41266]] [tgt_req_child] 
(0x1000): [RID#28] Attempting to get a TGT
   *  (2022-09-04  9:25:23): [krb5_child[41266]] [get_and_save_tgt] 
(0x0400): [RID#28] Attempting kinit for realm [<REALM>]
   *  (2022-09-04  9:25:23): [krb5_child[41266]] [sss_krb5_responder] 
(0x4000): [RID#28] Got question [password].

Is asking admin password for kerberos5 ticket and fails.

   *  (2022-09-04  9:25:23): [krb5_child[41266]] [get_and_save_tgt] 
(0x0020): [RID#28] 1725: [-1765328360][Preauthentication failed]

How would one go about this?

--
Me worry? That's why my first CD was Peter Gabriel SO....

Sami Hulkko
sahul...@gmail.com
sahul...@icloud.com
samihul...@quantum-black-hole.com
+358 45 85693 919
BEGIN:VCARD
VERSION:4.0
EMAIL;PREF=1:samihul...@quantum-black-hole.com
EMAIL:sahul...@gmail.com
FN:Sami Hulkko
NICKNAME:Atol
N:Hulkko;Sami;;;
TEL;VALUE=TEXT:+358458569319
X-MOZILLA-HTML;VALUE=BOOLEAN:FALSE
UID:53ad98cb-d6b2-4667-a26c-6f564a428e51
END:VCARD
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue