[NAS-105956] Either sec=sys or sec=krb5(i,p) work but not both - iX - Bug Tracker (Jira)

XML

Word

Printable

Details

Type: Bug
Status: Done (View Workflow)
Priority: Low
Resolution: Complete
Affects Version/s: 11.3-U2, 11.3-U1, 11.3-RELEASE, 11.3-U2.1
Fix Version/s: 12.0-ALPHA2, 11.3-U3
Component/s: Middleware
Labels:
- kerberos
- nfs
- sec=krb5
- sec=sys

Description

When exporting NFS shares, I would like to have shares with sec=krb5i and shares with sec=sys at the same time.

But for some reason, this does not work anymore since the upgrade to freenas 11.3.

I can either enable "Require Kerberos for NFSv4" and mount the shares using sec=krb5i or disable it and only mount the shares with sec=sys. In the latter case, nfsd complains: nfsd: can't register svc name. A sample /etc/exports looks like this:

V4: / -sec=sys:krb5:krb5i:krb5p 
/mnt/data/folder1 -maproot="root":"wheel" -sec=krb5:krb5i:krb5p HOST 
/mnt/data/folder2 -maproot="root":"wheel" -sec=sys IP

The aforementioned checkbox only seems to affect the first line and determines whether "sys" is present or not.

How can the old behavior (freenas 11.2 and older) be restored, that both work at the same time?

Attachments

JEditor

Activity

People

Assignee:: Vladimir Vinogradenko

Reporter:: Hannes Stoll

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 04/May/20

Created:: 30/Apr/20 7:23 AM

Updated:: 11/May/20 11:33 AM

Resolved:: 04/May/20 9:31 AM