Access denied by server while mounting with NFS Kerberos in trusted domain
Applies to
- ONTAP 9
- NFS Kerberos
- Trusted domain
Issue
- NFS kerberos mount in trusted domain fails.
[root@host1 ~]#mount -t nfs -vvv -o rw,sec=krb5,nfsvers=4,minorversion=1,clientaddr=10.x.x.x nfs:/volumepath /hostpathThu Apr 13 10:52:49 IST 2023mount.nfs: timeout set for Thu Apr 13 10:54:49 2023mount.nfs: trying text-based options 'sec=krb5,nfsvers=4,clientaddr=10.x.x.x,vers=4.1,addr=10.x.x.x'mount.nfs: mount(2): Permission deniedmount.nfs: access denied by server while mounting nfs:/volumepath- NFS kerberos LIF is created on domain "domain1.com.in".
::*> nfs kerberos interface show -vserver nfsserver-3LogicalVserver Interface Address Kerberos SPN-------------- ------------- --------------- -------- -----------------------clus-sv3 clus-sv3-if1 10.xx.yy.228 enabled nfs/clus-sv3.nas.ss.com.in@domain1.com.in- NFS client is part of different domain domain2.com.in.
[root@host1 ~]# realm listdomain2.com.intype: kerberosrealm-name: DOMAIN2.COM.INdomain-name: domain2.com.inconfigured: kerberos-memberserver-software: ipaclient-software: sssdrequired-package: ipa-clientrequired-package: oddjobrequired-package: oddjob-mkhomedirrequired-package: sssdlogin-formats: %Ulogin-policy: allow-realm-logins