Score:1

Can't mount NFSv4 with Kerberos from a Linux client to a FreeBSD server

hjf

I'm trying to set up NFSv4 with Kerberos. The server is FreeBSD 13.0-RELEASE and the client is Ubuntu 20. I have the Kerberos part running and I can automatically get a ticket on login for my user, and SSH into the server while being authenticated via Kerberos. So I'm confident that my Kerberos setup is correct so far.

But when I try to mount NFSv4 shares, I get the following three errors at once:

```
# mount -vvvv -t nfs4 -o sec=krb5 servidor:/ /mnt

mount.nfs4: timeout set for Tue Nov  2 00:54:36 2021
mount.nfs4: trying text-based options 'sec=krb5,vers=4.2,addr=10.42.42.2,clientaddr=10.42.42.119'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'sec=krb5,vers=4.1,addr=10.42.42.2,clientaddr=10.42.42.119'
mount.nfs4: mount(2): Permission denied
mount.nfs4: trying text-based options 'sec=krb5,vers=4.1,addr=fe80::215:17ff:fe56:d754,clientaddr=::'
mount.nfs4: mount(2): Input/output error
mount.nfs4: mount system call failed
```

First error is "Invalid argument", last is "Input/output error". Not sure how to go about debugging those.

The "Permission denied" error I'm not sure if it's due to Kerberos or something else.

showmount -e servidor shows that the exports exist (at least for NFSv3). Here's my exports file:

```
/tera/shared -alldirs
/usr/home -alldirs
V4: /tera/shared -sec=krb5,krb5i
V4: /usr/home -sec=krb5,krb5i
```

It's my understanding that this should export everything, to any IP on NFSv3 and to Kerberos-authenticated clients for NFSv4.

Both machines have a nfs/hostname@REALM key in their keytab (also tried with nfs/hostname.fqdn@REALM and host/hostname@REALM, etc).

Start `rpc.gssd` in foreground mode and check the output during the mount. This might give you an indication of what's going wrong.
hjf
I've been trying that but I don't get much useful info:

```
inotify event for clntdir (nfs/clntb) - ev->wd (22) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnta) - ev->wd (21) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnta) - ev->wd (21) ev->name (gssd) ev->mask (0x00000200)
```
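
Added example (not part of the original question or comments): a small Python parser that pairs each `trying text-based options` line of the verbose mount output in the question with the `mount(2)` error that followed it, so the three errors can be read as three separate attempts that differ in NFS version or server address family. The function names and the errno table are this example's own.

```python
import re

# Verbose output copied from the question (mount -vvvv -t nfs4 -o sec=krb5 servidor:/ /mnt).
SAMPLE = """\
mount.nfs4: timeout set for Tue Nov  2 00:54:36 2021
mount.nfs4: trying text-based options 'sec=krb5,vers=4.2,addr=10.42.42.2,clientaddr=10.42.42.119'
mount.nfs4: mount(2): Invalid argument
mount.nfs4: trying text-based options 'sec=krb5,vers=4.1,addr=10.42.42.2,clientaddr=10.42.42.119'
mount.nfs4: mount(2): Permission denied
mount.nfs4: trying text-based options 'sec=krb5,vers=4.1,addr=fe80::215:17ff:fe56:d754,clientaddr=::'
mount.nfs4: mount(2): Input/output error
mount.nfs4: mount system call failed
"""

TRY_RE = re.compile(r"trying text-based options '([^']*)'")
ERR_RE = re.compile(r"mount\(2\): (.+)$")
# strerror() text -> errno name, covering only the three messages seen in this output.
ERRNO = {"Invalid argument": "EINVAL", "Permission denied": "EACCES",
         "Input/output error": "EIO"}

def parse_attempts(text):
    """Return one dict per mount(2) attempt: its options plus the error that followed."""
    attempts = []
    for line in text.splitlines():
        m = TRY_RE.search(line)
        if m:
            # "key=value" pairs; partition()[::2] yields (key, value).
            opts = dict(kv.partition("=")[::2] for kv in m.group(1).split(","))
            opts["family"] = "IPv6" if ":" in opts.get("addr", "") else "IPv4"
            opts["error"] = None
            attempts.append(opts)
            continue
        m = ERR_RE.search(line)
        # Attach the error to the most recent attempt that has none yet.
        if m and attempts and attempts[-1]["error"] is None:
            msg = m.group(1).strip()
            attempts[-1]["error"] = ERRNO.get(msg, msg)
    return attempts

def summarize(attempts):
    """One readable line per attempt."""
    return [f"vers={a.get('vers')} sec={a.get('sec')} {a['family']} "
            f"addr={a.get('addr')} -> {a['error']}" for a in attempts]

if __name__ == "__main__":
    for row in summarize(parse_attempts(SAMPLE)):
        print(row)
```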