I'm not an IT specialist, but with the hints from @xenu I was able to get FreeNAS 11.2-U7 and a CentOS 7 based ipa-server to provide a kerberised NFSv4 service to Linux clients.
But with a fresh install of FreeNAS 11.3-U1 it is a different story. With a FreeNAS config which looks like it might be correct, clients cannot mount NFS shares with sec=krb5.
The IPA CA, the IPA-generated host cert/key for FreeNAS and the host/nfs service tabs have been added, and the LDAP config appears to enable without error:
Code:
root@fn113u1[~]# ktutil --keytab=/etc/krb5.keytab list
/etc/krb5.keytab:
Vno Type Principal Aliases
1 aes256-cts-hmac-sha1-96 host/fn113u1.mynet.local@MYNET.LOCAL
1 aes128-cts-hmac-sha1-96 host/fn113u1.mynet.local@MYNET.LOCAL
1 aes256-cts-hmac-sha1-96 nfs/fn113u1.mynet.local@MYNET.LOCAL
1 aes128-cts-hmac-sha1-96 nfs/fn113u1.mynet.local@MYNET.LOCAL
root@fn11-3u1[~]# klist
klist: No ticket file: /tmp/krb5cc_0
root@fn113u1[~]# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal: host/fn113u1.mynet.local@MYNET.LOCAL
Issued Expires Principal
Feb 27 10:42:53 2020 Feb 28 10:42:53 2020 krbtgt/MYNET.LOCAL@MYNET.LOCAL
Feb 27 10:42:53 2020 Feb 28 10:42:53 2020 ldap/centos7ipa.mynet.local@MYNET.LOCAL
root@fn11-3u1[~]# getent passwd cburge
cburge:*:347800001:347800001:chris burge:/home/cburge:
root@fn113u1[~]# getent group cburge
cburge:*:347800001
root@fn11-3u1[~]# getent group admins
admins:*:347800000:admin
root@fn113u1[~]#
On a reboot of FreeNAS the console shows multiple nslcd errors:
Code:
Feb 27 11:20:45 fn113u1 nslcd[981]: GSSAPI Error: Miscellaneous failure (see text) or directory (open(/tmp/krb5cc_0): No such file or directory)
Feb 27 11:20:45 fn113u1 nslcd[981]: [00834d] <group(all)> failed to bind to LDAP server ldap://centos7ipa.mynet.local:389: Local error: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) or directory (open(/tmp/krb5cc_0): No such file or directory): No such file or directory
Feb 27 11:20:45 fn113u1 nslcd[981]: [00834d] <group(all)> no available LDAP server found, sleeping 1 seconds
?