Server :: NFSv4 And Kerberos - Access Denied By Server
Mar 28, 2011
I am attempting to Kerberize an NFS server on a RHEL6 machine, but I cannot get it quite right. The error message I receive when executing the following command (as myself, not as root) is:
Code:
I have a keytab generated from the KDC for both NFS server and NFS client (both RHEL6 hosts) placed in /etc, and I have configured PAM/Kerberos so I can login via SSH and see I have a valid ticket with klist.
I can login to both NFS server and NFS client via SSH and get a ticket, but I don't know where the problematic NFS permissions reside.
The /etc/exports file on the NFS server looks like:
Code:
I have disabled IP Tables on both client and server, and hosts.allow and hosts.deny are not blocking traffic at the moment.
On the NFS server, here is the output of rpcinfo:
On the NFS client, here is the output of that same command:
I'm trying to set up a nfs4 server and client. I followed the instructions in [URL] (nfsv4 quick start section) and [URL]. The SERVER is on 192.168.89.1 running Xubuntu 10.04, and the CLIENT is on 192.168.89.128 running Ubuntu 10.10. Firewall is disabled on both the server and the client for testing purposes. /etc/default/nfs-kernel-server on the SERVER:
Code:
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
[code]....
On the [URL], I see some steps related to portmap on the "NFS Server" and "NFS Client" sections. Would I need those steps as well? There's also a list of steps on [URL] (linked from [URL]). Are those necessary?
EDIT: Running showmount on the client seemed to show that NOTHING is shared on the server:
I'm trying to configure SSH for access with Kerberos. I'm trying to configure SSO. The computer is joined to Active Directory. I can access with the user/pass from AD (using samba/winbind), but if I try to connect using Kerberos, I get the error:
Server not found in kerberos database. The server is CentOS 5.5, but also tried with RHEL 5.5.
Configuration
Domain: net
Realm: TEST.NET
User: usertom
Server ssh: testul0001.test.net
Client ssh: testul0001.test.net (connect to the same computer)
Domain controller: testgc01.test.net
.....
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
xx@xx.com SMTP error from remote mail server after initial connection: host [URL] [ip address]: 550 Access denied...
Using NFS on the client machine. I am running Scientific Linux on my machine. It's working fine for my other machines. I have made sure that the firewall is disabled and also SELinux too. Here is what I get when I use rpcinfo -p on the client.
rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100007    2   udp    868  ypbind
    100007    1   udp    868  ypbind
.....
I have not done the SMTP debug yet but just from basic troubleshooting, I think I know what the problem is. My mail server is rejecting my web server from sending mail due to 'relay access denied':
Code:
root@www:# telnet mail.domain.tld 25
Trying 211.113.101.135...
Connected to mail.domain.tld.
Escape character is '^]'.
I've only recently encountered this problem with vsftpd when I was creating new ftp accounts. I keep on getting:
550 Access Denied.
on every action I try to do on ftp, no matter what. I've been trying to solve this myself however my attempts have been futile.
The permissions and ownership have been checked and rechecked tens of times now, so that's not the issue. I've reinstalled the OS of my server twice now, and the problem is still persisting. Here's my config file; this isn't for anon, by the way.
Code:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
Has anyone seen this? I have attached a screenshot of it to this post.
When I log in using PuTTY, as soon as I enter my username and hit enter I get Access denied, then a prompt for a password and all works well. It just tells me access denied even though it didn't deny me. It's weird.
I am getting an access denied when trying to log in via SSH to my home server with PuTTY (Windows) over the internet. I can use any user including root and get the same result. If I use my Android phone with the ssh terminal command I am able to successfully log in and use the server.
I have a big question about NFSv4: 2 machines, 1 client, 1 server.
client
mount -t nfs4 nfs:/ /mnt/nfs
cd /mnt/nfs/1
touch: cannot touch `123': Permission denied
mount -l
nfs:/ on /mnt/nfs type nfs4 (rw,addr=192.168.1.5)
This is my config:
client & server
vi /etc/hosts
192.168.1.5 nfs nfs.test.com
192.168.1.6 node1 node1.test.com
I set up an NFS server that is working locally only; on remote I get this:
root@poc ~]# mount -t nfs storage:/var/ftp/pub /net
mount.nfs: access denied by server while mounting storage:/var/ftp/pub
This is my exports file:
/var/ftp/pub/downloads 192.168.1.23(rw,sync)
/var/ftp/pub 192.168.1.23(ro,sync)
This is my rpcinfo -p:
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    875  rquotad
.....
Firewall has 2049 open only. Other services such as nfs or status, lockd have random ports, so firewalled.
I recently installed CentOS 5 as my server. I have Samba running 100%. Today I was working on NFS; I had it semi-working at one point where I could mount the shared folder but I could not see any of the files in it. Now whenever I try to access it I get:
mount.nfs: access denied by server while mounting 192.168.1.100:/Server
Since FC6, NFS became very finicky and seemingly causes servers to randomly deny mounts from some terminals but not others, with all exactly the same new FC installation and exactly the same hardware - crazy! The only difference is the hostnames of the terminals trying to mount NFS volumes on the server, and I made sure that /etc/hosts on all terminals and servers contains each other's IP addresses and hostnames. I always uninstall SELinux, which is truly a huge pain in a corporate environment. Is there ANY way I can relax the NFS authentication on the server in order to make sure clients can mount volumes?
E.g. the following is encountered often, with sometimes crazy situations where clients can only mount NFS volumes from the server after I first boot the server and then ALL the terminals. It is painful, as you might agree! Other way round, no go; the client will not mount until the server is booted and then the client booted.
In this case I really prefer windows lackey security. It works. Never mind how crappy windows is, at least I don't have diabolical access problems on servers. NFS used to be very nice about 6 years ago but truly sucks recently imo.
/]# mount -o soft -t nfs nfsserver:/public /xfer
mount.nfs: access denied by server while mounting nfsserver:/public
when client goes to bind to NFS share on remote server - they are getting access denied when using the mount command; [SERVER] - CentOS 5.3 /etc/exports /mnt/data 192.168.5.199(rw) - implying the client I want to have access
I have configured a mail server with postfix and dovecot with no encryption. When connecting with Thunderbird, IMAP is working fine. When sending email from another domain to this domain, again it is fine. But when I want to send mail from my domain to another it gives me an error, and this is /var/log/maillog:
Quote:
Jan 18 18:23:09 srv1 postfix/smtpd[3991]: NOQUEUE: reject: RCPT from unknown[95.81.67.120]: 554 5.7.1 <Recipient email>: Relay access denied; from=<Sender> to=<Recipient email> proto=ESMTP helo=<[127.0.0.1]>
I'm having a hard time to access MySQL from the local or remote shell. If I try to access MySQL, using mysql -u root -pxxxx I get the error 1045 Access denied...
MySQL is running and I can access it, using phpmyadmin.
There must be something blocking shell access. Can anybody confirm and tell me how to check/configure for shell access? I'm using a preconfigured CentOS from PBX in a Flash and it seems they did some security settings - but I can't find any further information. I know I should probably post there, but the Mods didn't activate my account yet. And you know how it is if you try to figure something out. You won't stop.
I have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as NFSv4 server, which will allow remote users to mount their /home partitions. What I need is NFSv4 w/Kerberos. As the AD server already has an integrated Kerberos server, I need SLES to authenticate in it. Everything works good, but when it comes to svcgssd service activation, I receive an error. Here's the log:
/usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
I just built an AMD Phenom II Six Core with 4 Gigs Ram a 160Gib / and swap, and (2) Two Tb mirror for Raid (data storage) I had been using DMRAID in the deprecated box but this box has MDADM v3.1.4 - 31st August 2010 from source (on MDADM wikipedia).
I have no permission problems with using the raid and dmraid is un-installed. The raid is working perfectly and is mounted in my fstab with ext4 defaults 0 2 as my options.
I have two exports /media/raid/Test /test
Both show IP and subnet on the showmount -e for the server. I can mount the test just fine on the server. I cannot, however, mount /media/raid/Test; error:
mount.nfs: access denied by server while mounting hostname:/media/raid/Test
Using dmraid I am able to have the deprecated box export and mount nfs shares from the raid, but using MDADM on the new computer, I cannot. I get similar results with pointing MySQL's data folder to a location on the "/media/raid/Database" (even with apparmor entries).
My server is Red Hat AS 5 + Postfix + Dovecot. When I use SMTP to send mail, it can't send; the system returns "relay access denied". This is my main.cf:
Code:
# Global Postfix configuration file. This file lists only a subset
# of all parameters. For the syntax, and for a complete parameter
# list, see the postconf(5) manual page (command: "man 5 postconf").
#
# For common configuration examples, see BASIC_CONFIGURATION_README
I tried to set up NFSv4 with idmapd between two Debian/lenny installations. On the client, the user "xyz" has the UID 501 and on the server "1000". Changing UIDs and setting up NIS is not possible, Kerberos unwanted. I tried to set up NFSv4 with idmapd and it is only working from server to client. When I list directories on the server belonging to the user "xyz/1000", the owner is correctly displayed on the client as user "xyz/501". But when I create a file on the server, it is created with UID 501 (should be 1000). The configuration is quite standard, idmapd.conf was generated automatically, NEED_IDMAPD is set to "yes" and starting properly.
The main exporting directory has following options in /etc/exports: rw,fsid=0,insecure,no_subtree_check,sync and the mounted directory has:
I run a mediaserver on Archlinux, working perfectly (or almost). I have set up NFS v3 and that worked for me on these clients:
- Debian Lenny - Archlinux 64bit
Now I've upgraded my Lenny-box to squeeze and I see that 2 of my 3 shared folders (tdone and twatch) are mounted like they should and the third one (media) doesn't come up. A 'mount -a' as root gives this error:
mount.nfs4: access denied by server while mounting (null)
My relevant fstab-lines:
I set up a server on my local machine, & also PHP - both working fine. I'm trying to load up MySQL; I have installed it, & *can* start/stop the server. However, if I do anything else with it, I get this error :-
Quote:
root@gordon-desktop:~# sudo mysqladmin -u root -h localhost password MYPASSWORD
mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'root'@'localhost' (using password: NO)'
Query :-
1) How do I know MySQL is actually active? (apart from the message it says that it's started (or stopped)).
2) Is there a way to
a) Find out the usernames that are recorded on the MySQL server?
b) set / RESET the 'root' username (I know the MySQL root user is different to the PC root user)
c) anything else I can do on the PHP / website code to see if MySQL is working
(as yet, no tables / databases etc have been set up - as I can't get past this error message - I get the same error when setting up a database.)
PS: I did allow my username (when logged in to Ubuntu) to edit / create files in the /usr/www/ directory (but it is still OWNED by 'root' - that directory)
I can logon to computer with username/passwd from AD.
But if I try to use ssh, it doesn't work.
When I try to connect to the same computer using Kerberos I receive these messages:
ssh -vv server.domain.com
....
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug2: we sent a gssapi-with-mic packet, wait for reply
[Code]....
and it tries to use publickey and finally, user/pass.
What do I have to do to use ssh and Kerberos? I use samba for joining the computer to AD. I tried it in Ubuntu 8.04 and likewise-open and it works, but not in RH-Samba.
I'm trying to set up a nfs4 server and client. I followed the instructions in
[URL]
The SERVER is on 192.168.89.1 running Xubuntu 10.04, and the CLIENT is on 192.168.89.128 running Ubuntu 10.10. Firewall is disabled on both the server and the client for testing purposes. /etc/default/nfs-kernel-server on the SERVER:
Code:
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
[code]....
because we want UID/GUID to be mapped from names. This way, server and client do not need the users to share same UID/GUID. In that case,
1. Should I set those 2 fields to "no" and "yes" respectively instead?
2. Or else, how do I make sure that the uid on the server is mapped to something useful on the client instead of nobody and nogroup?
This is my first post, I hope I'm in the right place. I installed mysql mysql-server php-mysql perl-DBD-mysql libdbi-dbd-mysql via "yum install -y" on a server running CentOS 5.3 X86_64. The install completes successfully with no errors, but once I start mysqld via "chkconfig --level 35 mysqld on" ; "service mysqld start" There are no errors in /var/log/mysqld.log netstat shows mysqld listening on 3306 and localhost is in /etc/hosts