Thomas Sailer wrote:
Hi,
After upgrading one IPA client from Fedora12 to Fedora13 (the server
runs Fedora12), I'm experiencing NFS4 problems.
I can still mount the server from the client like this:
mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192,rw,sec=krb5p
server.xxx.com:/home /tmp/z
root can then successfully list subdirectories with ls /tmp/z. However,
when a normal user tries to do this, he gets -EACCES.
Permissions of /tmp/z should be ok:
# ls -ldZ /tmp/z
drwxr-xr-x. root root system_u:object_r:nfs_t:s0 /tmp/z
# getfacl /tmp/z
getfacl: Removing leading '/' from absolute path names
# file: tmp/z
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# nfs4_getfacl /tmp/z
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A::EVERYONE@:rxtcy
It worked under Fedora 12. Does anybody have an idea what went wrong?
I assume the keytab is still valid since the mount succeeds and root
works. Kerberos otherwise works ok on this machine, you can kinit, etc?
You might want to check the kdc log on and the 389-ds log, you might see
some querying to find the user for authentication.
Do things like 'getent passwd <someuser>' still work?
rob
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
