I use FreeIPA as a domain controller and have a number of NFS exports I'd like to use krb5 security with. After a fair amount of suffering I got this all working on Corral, but with Corral being dead I needed to do a fresh install with 11. Unfortunately now I can't get it all working again.
Has anyone got a nice mapping of the FreeIPA settings in corral to equivalent LDAP and Kerberos settings required for 11 or failing that is there any way to get useful diagnosis information out of FreeNAS so I've got more information to go on. I'm struggling to get any useful debug. Or even confirmation if anyone has got it working would be helpful.
More information;
Any help greatly appreciated! This is driving me mad!
Update
OK so I have no idea what I did, but its working again now, but I'd still really appreciate any advice for how to debug problems like this in the future. I've made a blog post with some links and a few little tips that I found it helpful. I'd love to be able to add more info though so if you guys have tips or resources please share.
Has anyone got a nice mapping of the FreeIPA settings in corral to equivalent LDAP and Kerberos settings required for 11 or failing that is there any way to get useful diagnosis information out of FreeNAS so I've got more information to go on. I'm struggling to get any useful debug. Or even confirmation if anyone has got it working would be helpful.
More information;
- mounts with sys security work.
- I've added appropriate keytabs both via the web ui and by directly copying keytab to /etc/krb5.keytab on freenas.
- dns and reverse dns seems to be working on both client and server
showmount -e serverreturns expected results from client.- ktutil list returns expected results on server when pointed at /etc/krb5.keytab . I'm not sure where the web UI puts uploaded keytabs.
- As I say this was working with an identical client setup with the last corral version.
Any help greatly appreciated! This is driving me mad!
Update
OK so I have no idea what I did, but its working again now, but I'd still really appreciate any advice for how to debug problems like this in the future. I've made a blog post with some links and a few little tips that I found it helpful. I'd love to be able to add more info though so if you guys have tips or resources please share.
Last edited:
