<div dir="ltr"><div><div><div><div><div><div><div><div><div>hi,<br><br></div>in a test lab I have joined an omnios vm to an ipa (kerberos/ldap) domain.<br><br></div>this is the omnios version:<br><br># uname -a <br>
SunOS testomnios 5.11 omnios-df542ea i86pc i386 i86pc Solaris<br><br></div>Kerberos authentication works and I can use ldap to search users, getent passwd etc works fine.<br><br></div>I have created an nfs service principal name for the host and added them to the system's keytab:<br>
<br># klist -k<br>Keytab name: FILE:/etc/krb5/krb5.keytab<br>KVNO Principal<br>---- --------------------------------------------------------------------------<br> 1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br> 1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br>
1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br> 1 nfs/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br> 2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br> 2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br> 2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br>
2 host/testomnios.ipa.asenjo.nx@IPA.ASENJO.NX<br><br></div>I have followed the docs here: <a href="http://docs.oracle.com/cd/E23824_01/html/821-1456/setup-97.html">http://docs.oracle.com/cd/E23824_01/html/821-1456/setup-97.html</a><br>
<br></div>the file /etc/nfssec.conf looks like this:<br><br># default security mode is defined at the end. It should be one of<br># the flavor numbers defined above it.<br>#<br>none 0 - - - # AUTH_NONE<br>
sys 1 - - - # AUTH_SYS<br>dh 3 - - - # AUTH_DH<br>#<br># Uncomment the following lines to use Kerberos V5 with NFS<br>#<br>krb5 390003 kerberos_v5 default - # RPCSEC_GSS<br>
krb5i 390004 kerberos_v5 default integrity # RPCSEC_GSS<br>krb5p 390005 kerberos_v5 default privacy # RPCSEC_GSS<br><br>default 1 - - - # default is AUTH_SYS<br>
<br></div>and finally I try sharing the homedirs but I get this error:<br><br># share -F nfs -o sec=krb5:krb5i:krb5p /export/home<br>Could not share: /export/home: invalid security type<br><br># svcs -l nfs/server<br>fmri svc:/network/nfs/server:default<br>
name NFS server<br>enabled true<br>state online<br>next_state none<br>state_time Mon Apr 1 23:06:09 2013<br>logfile /var/svc/log/network-nfs-server:default.log<br>restarter svc:/system/svc/restarter:default<br>
contract_id 96 <br>dependency require_any/error svc:/milestone/network (online)<br>dependency require_all/error svc:/network/nfs/nlockmgr (online)<br>dependency optional_all/error svc:/network/nfs/mapid (online)<br>
dependency require_all/restart svc:/network/rpc/bind (online)<br>dependency optional_all/none svc:/network/rpc/keyserv (online)<br>dependency optional_all/none svc:/network/rpc/gss (online)<br>dependency optional_all/none svc:/network/shares/group (multiple)<br>
dependency optional_all/none svc:/system/filesystem/reparse (online)<br>dependency require_all/error svc:/system/filesystem/local (online)<br><br></div>How can I troubleshoot this? I'm learning a lot about solaris, but still a newbie.<br>
<br></div>TIA,<br clear="all"><div><div><div><div><div><div><div><div><div><div><div><div>--<br>Groeten,<br>natxo</div>
</div></div></div></div></div></div></div></div></div></div></div></div>