Hey All,

I recently have been trying to set up an NFSv4 share that utilizes Kerberos. My experience in general with NFS is very slim; however, I feel like I am very close to getting this project completed. Currently I have the following things in place:

1) NFS server nfs.example.net (VM#2) – Running CentOS 5.4 with all of the latest updates and NFS-related packages
2) Kerberos KDC running on Kerberos.example.net (VM#1) – Running CentOS 5.4 with all of the latest updates
3) NFS client nfs-client.example.net (VM#3) – Running CentOS 5.4 with all of the latest updates

Before I give you the error message I receive when I enable NFS, I’ll first describe my setup process.

1) Verified Kerberos works on all machines by attempting a kinit testuser which worked properly.
2) Verified that the clocks on all machines represent the same time (synced using a local NTP server)
3) Created a service principal for nfs.example.net by performing the following commands on the nfs.example.net machine: - (Performed on NFS server)
   a. kadmin (Logged in as an admin principal)
   b. addprinc -randkey nfs/nfs.example.net
   c. ktadd -e des-cbc-crc:normal nfs/nfs.example.net
   d. quit
   e. kinit nfs/nfs.example.net -k -t /etc/krb5.keytab
   f. klist to verify
4) Edited /etc/idmapd.conf with the following changes: - (Performed on NFS server)
   a. changed Nobody-{User,Group} to nfsnobody
   b. changed Domain to nfs.example.net
5) mkdir /nfs/ - (Performed on NFS server)
6) Added the following to /etc/exports - (Performed on NFS server)
   a. /nfs gss/krb5p(rw,sync,fsid=0)
7) exportfs -rv - (Performed on NFS server)
8) Verified all relevant nfs services were stopped - (Performed on NFS server)
9) Uncommented and made the following changes to /etc/sysconfig/nfs - (Performed on NFS server)
   a. MOUNTD_NFS_V1="no"
   b. MOUNTD_NFS_V2="no"
   c. RPCNFSDARGS="-N 2 -N 3 -U"
   d. SECURE_NFS = "yes"
10) /etc/init.d/portmap start; /etc/init.d/rpcidmapd start; /etc/init.d/nfs start - (Performed on NFS server)
11) And I receive the following output when the nfs service starts:
   a. Starting RPC svcgssd: FAILED
   b. Starting NFS Services: OK
   c. Starting NFS quotas: OK
   d. Starting NFS daemon: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
   e. NFSD: starting 90-second grace period
   f. Starting NFS mountd: OK
12) I then checked /var/log/messages to find the following log entries:
   a. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name
   b. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: Unable to obtain credentials for 'nfs'
   c. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: unable to obtain root (machine) credentials
   d. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?

I seem to be stuck at this point and would appreciate your insight.

Thank you,
Dan
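Added example, not part of the original message: one way to answer the question the rpc.svcgssd log line asks, by checking `klist -k` output for an exact nfs/<host>@<REALM> entry. The function names, the realm EXAMPLE.NET and the sample keytab listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does the keytab listing contain nfs/<fqdn>@<REALM>?
# Feed it `klist -k` or `klist -ke` output (not -t, which adds a date column).

# Print the principal column of `klist -k` output read from stdin.
# Header lines are skipped because their first field is not a KVNO number.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ { print $2 }' | sort -u
}

# check_nfs_keytab FQDN REALM   (klist -k output on stdin)
# returns 0: exact nfs/FQDN@REALM entry present
#         2: an nfs/ entry exists, but for a different host or realm
#         1: no nfs/ entry at all
check_nfs_keytab() {
    want="nfs/$1@$2"
    princs=$(keytab_principals)
    # -F fixed string, -x whole line: "nfs/nfs" must not match "nfs/nfs.example.net"
    if printf '%s\n' "$princs" | grep -Fxq -- "$want"; then
        echo "OK: $want"
        return 0
    fi
    near=$(printf '%s\n' "$princs" | grep '^nfs/' || true)
    if [ -n "$near" ]; then
        echo "MISMATCH: wanted $want, keytab has:"
        printf '%s\n' "$near" | sed 's/^/  /'
        return 2
    fi
    echo "MISSING: no nfs/ principal in keytab (wanted $want)"
    return 1
}

# Constructed sample of `klist -k /etc/krb5.keytab` output; realm is assumed.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   3 nfs/nfs.example.net@EXAMPLE.NET
   2 host/nfs.example.net@EXAMPLE.NET'

# On a real server (as root), with the realm replaced by your own:
#   klist -k /etc/krb5.keytab | check_nfs_keytab "$(hostname -f)" EXAMPLE.NET
```

Exit status 2 separates a keytab that holds an nfs/ key under a different host or realm name from one that holds no nfs/ key at all.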