Hi,

Barry Brimer wrote:
> Quoting Sebastian Marten <sebi4711@xxxxxxxxx>:
>
> > Hi list,
> >
> > Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
> > I set up Kerberos and NFS but get several errors:
> > "Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied"
> >
> > Is this a CentOS or a config problem?
>
> Yes. Are you running all of the gss services?
> Is portmap running?
> Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
> Was your Kerberos principal created with:
> "addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
> Was your keytab entry created with:
> "ktadd -e des-cbc-md5:normal nfs/server.domain.com"
> Do you have gss/krb5p just before the nfs options in parentheses?
I've done all this and added princs for the host (tested with ds and ds.example.lan).
I get this error:

ds rpc.svcgssd[4686]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name
ds rpc.svcgssd[4686]: Unable to obtain credentials for 'nfs'
ds rpc.svcgssd[4686]: unable to obtain root (machine) credentials
ds rpc.svcgssd[4686]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
But kadmin.local listprincs returns:

K/M@xxxxxxxxxxx
host/ds.example.lan@xxxxxxxxxxx
host/ds@xxxxxxxxxxx
kadmin/admin@xxxxxxxxxxx
kadmin/changepw@xxxxxxxxxxx
kadmin/history@xxxxxxxxxxx
kadmin/localhost.localdomain@xxxxxxxxxxx
krbtgt/EXAMPLE.COM@xxxxxxxxxxx
nfs/ds.example.lan@xxxxxxxxxxx
nfs/ds@xxxxxxxxxxx
root/admin@xxxxxxxxxxx
root@xxxxxxxxxxx

The hostname is ds.example.lan.
/etc/krb5.conf points to the right server.
kinit and klist work:

kinit
Password for root@xxxxxxxxxxx:
[root@ds ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@xxxxxxxxxxx

Valid starting     Expires            Service principal
05/30/08 08:52:48  05/31/08 08:52:47  krbtgt/EXAMPLE.COM@xxxxxxxxxxx

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Where is my problem?
> Hope this helps.
> Barry
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
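
Added example, not part of the original thread: kadmin.local listprincs lists the KDC database, while rpc.svcgssd reads /etc/krb5.keytab, so the check its error message asks for is whether the keytab itself holds nfs/<fqdn>@<REALM>. The function names, the realm EXAMPLE.COM and the sample `klist -k` listings below are constructed for illustration.

```shell
#!/bin/sh
# Check a `klist -k` listing for the nfs/<host>@<REALM> key that
# rpc.svcgssd needs. Helper names here are hypothetical.

# Print the principal of every keytab entry in `klist -k` output on stdin.
# Scans for the field containing "@" so `klist -kt` timestamps are skipped.
keytab_principals() {
    awk 'seen { for (i = 2; i <= NF; i++)
                    if (index($i, "@")) { print $i; break } }
         /^----/ { seen = 1 }'
}

# Succeed only if the listing on stdin has an exact nfs/$1@$2 entry.
keytab_has_nfs_key() {
    keytab_principals | grep -Fxq "nfs/$1@$2"
}

# Constructed sample: keytab with host keys only, even though the KDC
# database also contains nfs/ principals (the situation in the error).
SAMPLE_MISSING='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------
   3 host/ds.example.lan@EXAMPLE.COM
   3 host/ds@EXAMPLE.COM'

# Constructed sample: same keytab after the nfs key has been added.
SAMPLE_OK="$SAMPLE_MISSING
   2 nfs/ds.example.lan@EXAMPLE.COM"

check() {  # $1 = klist -k listing, $2 = host (FQDN), $3 = realm
    if printf '%s\n' "$1" | keytab_has_nfs_key "$2" "$3"; then
        echo "ok: keytab has nfs/$2@$3"
    else
        echo "missing: nfs/$2@$3 is not in the keytab"
        return 1
    fi
}

check "$SAMPLE_MISSING" ds.example.lan EXAMPLE.COM || true
check "$SAMPLE_OK" ds.example.lan EXAMPLE.COM
# On a real server (realm is an assumption, substitute your own):
#   klist -k /etc/krb5.keytab | keytab_has_nfs_key "$(hostname -f)" EXAMPLE.COM
```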