On Tue, Apr 20, 2010 at 8:19 PM, Di Pe <dipeit@xxxxxxxxx> wrote: > On Tue, Apr 20, 2010 at 6:19 AM, Kevin Coffman <kwc@xxxxxxxxxxxxxx> wrote: >> Hi, >> >> If I read this right, you replaced krb5-1.8.1 with krb5-1.6.3 and it >> fixed the problem? >> >> As I noted in your original message, you had "allow_weak_crypto = >> true" in your krb5.conf. For NFS, this is required with krb5-1.8 >> where DES is disabled by default. Are you certain you have this >> specified in your krb5-1.8.1 /etc/krb5.conf? > > > Yes, I'm positive. 1.8.1 does not work 1.6.3 does! This is my current setting > > [libdefaults] > default_realm = FHCRC.ORG > clockskew = 300 > default_tkt_enctypes = des-cbc-crc > default_tgs_enctypes = des-cbc-crc > permitted_enctypes = des-cbc-crc > allow_weak_crypto = true > forwardable = true > > I should add one more thing: I was using 2 different NFS servers, a > NetApp 7.3.1.1 and Opentext NFS Maestro Server 2008 (formerly > Hummingbird) on Windows 2008 R2 (AD is still 2003 R2). I found out > today that the NetApp had a corrupted keytab and after repairing that > it works fine with 1.8.1. NFS Maestro still only works with 1.6.3. > Since I can use the 1.6.3 rpm package onto newer distros I can live > with it for the moment if i block the rpm from getting updated but > it's still kind of a hack. Do you have access to logs on the server that still doesn't work with 1.8.1? It seems odd that only this combination would fail. K.C. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
