
I'm relatively new to IPA and have been practicing setting up Kerberized NFS. I succeeded in initially sharing a directory from my VM Server1 to Server2.

I accomplished the above by adding the NFS service in my IPA server for server1 and generating a keytab file:

ipa service-add nfs/server1.example.com

ipa-getkeytab -s ipa.example.com -p nfs/server1.example.com -k /root/krb5.keytab

and then copied the keytab file from the IPA server to server1 and server2.

Now I'm trying to share a directory from server2 to server1.

Should the same keytab file work? Right now I'm unable to mount a Kerberos share, but normal shares without sec=krb5p work.

Secondly, in case of generating a new keytab file, how would I go about it? I want krb security from both server1 to server2 and vice versa. The operating system is CentOS 7.3.

Any help in this regard would be greatly appreciated.

EDIT:

I tried adding the NFS service for both clients:

ipa service-add nfs/server1.example.com
ipa service-add nfs/server2.example.com

generated a keytab file for both, and used ktutil to merge the keytab files:

ipa-getkeytab -s ipa.example.com -p nfs/server1.example.com -k /home/krbserver1.keytab
ipa-getkeytab -s ipa.example.com -p nfs/server2.example.com -k /home/krbserver2.keytab

Output of klist -k:

[root@server1 etc]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 nfs/server1.example.com@EXAMPLE.COM
   3 nfs/server1.example.com@EXAMPLE.COM
   2 nfs/server2.example.com@EXAMPLE.COM
   2 nfs/server2.example.com@EXAMPLE.COM

Sadly, this didn't work either, and now both shares are getting access denied!

When I added the service for nfs/server2.example.com only, I was able to share from server2 to server1, but now it was not available from server1 to server2.

How can I get it to work both ways? Any help would be greatly appreciated.

Mustafa Mujahid