Strange NFS Problem After Using Kerberos Plugin

OMV 2.1.20
I was messing around with the Kerberos plugin to see if it was better than my manual configuration. I couldn't get it to work, which is beside the point of this thread, but I ended up uninstalling it. Now when I try to configure NFS shares, some weird "krb" text is being inserted into the NFSv4 section and breaking NFS (nfs-kernel-server fails to start).

Here is how my exports file looks when configuring through the interface:

root@***:/etc# cat exports
# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
/export/ISO 10.10.10.0/24(rw,subtree_check,secure)
/export/VM 10.10.10.0/24(rw,subtree_check,secure)


# NFSv4 - pseudo filesystem root
/export 10.10.10.0/24(,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5)

If I change it to the following, everything works as expected, but any further changes through the interface break it:

root@***:/etc# cat exports
# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5).
/export/ISO 10.10.10.0/24(rw,subtree_check,secure)
/export/VM 10.10.10.0/24(rw,subtree_check,secure)


# NFSv4 - pseudo filesystem root
/export 10.10.10.0/24(rw,fsid=0,subtree_check,secure)

Any help is appreciated!

Zitat von subzero79

I have no idea how the plugin configures the root of export (nfs4) but my guess it uses environment variables. Can you post here

cat /etc/default/openmediavault

That's definitely it, here is the relevant line from that file:

OMV_NFSD_V4_DEFAULT_EXPORT_OPTIONS=",sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5,sec=krb5p:krb5i:krb5"

So my question now is what should that be and how in the world did it end up messed up?

Zitat von subzero79

Just delete that line. Restart engined
service openmediavault-engined restart

Make a change in nfs and check the exports

cc <a href="http://forums.openmediavault.org/index.php/User/6136-ikogan/">@ikogan</a> to tweak the postrm file to bring back to default nfs after purging the plugin.

That fixed it, thank you!! The OMV_NFSD_V4_DEFAULT_EXPORT_OPTIONS parameter wasn't added back to the default file, is that ok?

Zitat von ikogan

Hey there, sorry for the lack of reply, I was on vacation. <a href="http://forums.openmediavault.org/index.php/User/7905-grokdesigns/">@grokdesigns</a>, what about the plugin didn't work for you besides breaking NFS? I notice that it added the Kerberos options to NFS more than once, that's a bug that I haven't seen. What else didn't…

@ikogan, honestly I probably just didn't know what to put where in the plugin settings. I use Kerberos to connect to a Windows Domain Controller and I got it set up just fine manually, but I wasn't able to get it working properly with the plugin.

Zitat von ikogan

I did find the bug where it was inserting multiple NFS options which I'm working on fixing. I'd love to help you get it working with the plugin if you'd like. Perhaps it's not configuring things right. Here's how my krb5.conf is setup from the plugin if…

I'd love to get it working with the plugin, I will give it a shot as soon as I have some time to mess with it. One thing I didn't see how to do with the plugin was add multiple KDCs, but otherwise your config looks similar to my manually configured one:

[libdefaults]
 default_realm = AD.DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
[realms]
 AD.DOMAIN.COM = {
  kdc = dc1.ad.domain.com
  kdc = dc2.ad.domain.com
  admin_server = dc1.ad.domain.com
 }
[domain_realm]
 .ad.domain.com = AD.DOMAIN.COM
 ad.domain.com = AD.DOMAIN.COM