I have been trying all sorts of things to get this working. nfsv4 works fine if I just use the nfs-v3 form of export i.e. /nfs4exports 192.168.230.237/24(ro,fsid=0,sync,insecure,no_root_squash,no_subtree_check,squash_uids=0-99) /nfs4exports/NDG 192.168.230.237/24(rw,insecure,no_subtree_check,nohide,sync,no_root_squash,squash_uids=0-99) but this is inherently open to all on this machine.
so then using this recipe http://www.techrepublic.com/blog/opensource/kerberos-authentication-with-nfs... and many others that hours of google foo shows
change exports to /nfs4exports gss/krb5(ro,fsid=0,sync,insecure,no_root_squash,no_subtree_check,squash_uids=0-99) /nfs4exports/NDG gss/krb5(rw,insecure,no_subtree_check,nohide,sync,no_root_squash,squash_uids=0-99)
now from the client I can see [rkampen@timsws ~]$ showmount -e example.com Export list for example.com: /nfs4exports gss/krb5 /nfs4exports/NDG gss/krb5
but [rkampen@timsws /]$ sudo mount -t nfs4 -o sec=krb5 ndgonline.net:/ /NDG/ mount.nfs4: access denied by server while mounting ndgonline.net:/
and [rkampen@timsws /]$ sudo mount -t nfs4 -o sec=krb5 ndgonline.net:/NDG /NDG/ mount.nfs4: access denied by server while mounting ndgonline.net:/NDG
And I cannot find any log entries relating to the kerberos KDC or on the nfs server - two different machines. I have set up all the principals in the KDC and used kadmin/ktadd to load into the client and the server /etc/krb5.keytab as per the above url. How and where do I get logging to occur so I can find out the missing piece in my kerberos setup? Any help or directions appreciated. TIA