Thank you, i will take a look to the enctypes of my keytab. I hope that's the problem. Here /etc/krb5.conf ----------------------------------------------------------------------- [libdefaults] default_realm = EXAMPLE.COM # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # default_tgs_enctypes = des3-hmac-sha1 # default_tkt_enctypes = des3-hmac-sha1 # permitted_enctypes = des3-hmac-sha1 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] EXAMPLE.COM = { kdc = kerberos.example.com admin_server = kerberos.example.com } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM [login] krb4_convert = true krb4_get_tickets = false -------------------------------------------------------------------------------- Here /etc/hosts 127.0.0.1 localhost goku goku.example.com nfs.example.com 10.0.0.1 goku goku.example.com 10.0.0.1 nfs.example.com # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts 2011/2/11 Kevin Coffman <kwc@xxxxxxxxxxxxxx>: > On Fri, Feb 11, 2011 at 1:38 PM, CeR <cer.inet@xxxxxxxxx> wrote: >> >> Hello. I have been trying to set up a local-teachpurpose-server at home. >> >> My enviroment: debian squeeze KVM/libvirt machine, with 2.6.32-5-amd64 kernel. >> >> When restarting services with the correct configuration, i get this: >> As you can see, the keytab is there, with correct permissions to read by root. >> >> root@goku:~# /etc/init.d/nfs-common restart >> Stopping NFS common utilities: gssd idmapd statd. >> Starting NFS common utilities: statd idmapd gssd. >> >> root@goku:~# /etc/init.d/nfs-kernel-server restart >> Stopping NFS kernel daemon: mountd svcgssd nfsd. >> Unexporting directories for NFS kernel daemon.... >> Exporting directories for NFS kernel daemon.... >> Starting NFS kernel daemon: nfsd svcgssd failed! >> >> root@goku:~# tail /var/log/syslog >> Feb 11 18:29:45 goku kernel: [ 2266.025197] nfsd: last server has >> exited, flushing export cache >> Feb 11 18:29:46 goku kernel: [ 2267.119699] svc: failed to register >> lockdv1 RPC service (errno 97). >> Feb 11 18:29:46 goku kernel: [ 2267.121318] NFSD: Using >> /var/lib/nfs/v4recovery as the NFSv4 state recovery directory >> Feb 11 18:29:46 goku kernel: [ 2267.122284] NFSD: starting 90-second >> grace period >> Feb 11 18:29:46 goku rpc.svcgssd[2333]: ERROR: GSS-API: error in >> gss_acquire_cred(): Unspecified GSS failure. Minor code may provide >> more information - Key table entry not found >> Feb 11 18:29:46 goku rpc.svcgssd[2333]: unable to obtain root >> (machine) credentials >> Feb 11 18:29:46 goku rpc.svcgssd[2333]: do you have a keytab entry for >> nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab? >> >> root@goku:~# ls -l /etc/krb5.keytab >> -rw-r----- 1 root openldap 1210 feb 11 11:11 /etc/krb5.keytab >> >> root@goku:~# klist -k >> Keytab name: WRFILE:/etc/krb5.keytab >> KVNO Principal >> ---- -------------------------------------------------------------------------- >> 2 host/goku.example.com@xxxxxxxxxxx >> 2 host/goku.example.com@xxxxxxxxxxx >> 2 host/goku.example.com@xxxxxxxxxxx >> 2 host/goku.example.com@xxxxxxxxxxx >> 2 ldap/goku.example.com@xxxxxxxxxxx >> 2 ldap/goku.example.com@xxxxxxxxxxx >> 2 ldap/goku.example.com@xxxxxxxxxxx >> 2 ldap/goku.example.com@xxxxxxxxxxx >> 4 nfs/goku.example.com@xxxxxxxxxxx >> 4 nfs/goku.example.com@xxxxxxxxxxx >> 4 nfs/goku.example.com@xxxxxxxxxxx >> 4 nfs/goku.example.com@xxxxxxxxxxx >> >> >> Is a bug? A incompatibility between my packages versions? A >> configuration problem? Any idea? >> >> >> Thank you. Best regards. > > First, with this kernel version, you should only have one keytab entry > for nfs/goku.example.com with a DES key. (You don't show the > enctypes, but I see you have 4 keys for nfs.) You won't hit this > problem until you get past the other error. > > Make sure the reverse look-up for your server's host returns the > correct name. (Matching the name in the keytab, "goku.example.com") > > Perhaps send a copy of /etc/hosts and your /etc/krb5.conf to see what > might be misconfigured. > > K.C. > -- [*] CeR / Arturo Borrero Gonzalez [*] -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html