Re: Problems with Krb5/Nfs4, misconfiguration, bug or incompatibility?

Hello. I solved that error by cleaning /etc/hosts.

I just leave:

#cat /etc/hosts
127.0.0.1 localhost

Then the error left.  Nfs4 still doesn't work fine, but due to my
work I haven't time to carry on.

Best regards!






2011/2/15 Kevin Coffman <kwc@xxxxxxxxxxxxxx>:
> Sorry for taking so long to respond.
>
> Depending on the version of Kerberos, you may need the following in
> the libdefaults section of /etc/krb5.conf
>
>   allow_weak_crypto = true
>
> I'm not sure why the nfs.example.com entries are in /etc/hosts?  That
> may be part of the problem?
>
> Make sure that 'hostname' on the server returns the correct name,
> matching the name in your keytab entry (goku.example.com).
>
> Make sure a reverse DNS lookup of the address returned by a forward
> DNS lookup, returns that same name as well.
>
> K.C.
>
>
> On Sat, Feb 12, 2011 at 7:49 AM, CeR <cer.inet@xxxxxxxxx> wrote:
>> Thank you, I will take a look at the enctypes of my keytab. I hope
>> that's the problem.
>>
>>
>>
>> Here /etc/krb5.conf
>>
>> -----------------------------------------------------------------------
>> [libdefaults]
>>        default_realm = EXAMPLE.COM
>>
>> # The following krb5.conf variables are only for MIT Kerberos.
>>        krb4_config = /etc/krb.conf
>>        krb4_realms = /etc/krb.realms
>>        kdc_timesync = 1
>>        ccache_type = 4
>>        forwardable = true
>>        proxiable = true
>>
>> #       default_tgs_enctypes = des3-hmac-sha1
>> #       default_tkt_enctypes = des3-hmac-sha1
>> #       permitted_enctypes = des3-hmac-sha1
>>
>> # The following libdefaults parameters are only for Heimdal Kerberos.
>>        v4_instance_resolve = false
>>        v4_name_convert = {
>>                host = {
>>                        rcmd = host
>>                        ftp = ftp
>>                }
>>                plain = {
>>                        something = something-else
>>                }
>>        }
>>        fcc-mit-ticketflags = true
>>
>> [realms]
>>        EXAMPLE.COM = {
>>                kdc = kerberos.example.com
>>                admin_server = kerberos.example.com
>>        }
>> [domain_realm]
>>        .example.com = EXAMPLE.COM
>>        example.com = EXAMPLE.COM
>>
>> [login]
>>        krb4_convert = true
>>        krb4_get_tickets = false
>> --------------------------------------------------------------------------------
>> Here /etc/hosts
>>
>> 127.0.0.1       localhost goku goku.example.com nfs.example.com
>> 10.0.0.1        goku goku.example.com
>> 10.0.0.1        nfs.example.com
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1     ip6-localhost ip6-loopback
>> fe00::0 ip6-localnet
>> ff00::0 ip6-mcastprefix
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>> ff02::3 ip6-allhosts
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> 2011/2/11 Kevin Coffman <kwc@xxxxxxxxxxxxxx>:
>>> On Fri, Feb 11, 2011 at 1:38 PM, CeR <cer.inet@xxxxxxxxx> wrote:
>>>>
>>>> Hello. I have been trying to set up a local-teachpurpose-server at home.
>>>>
>>>> My environment: Debian squeeze KVM/libvirt machine, with 2.6.32-5-amd64 kernel.
>>>>
>>>> When restarting services with the correct configuration, I get this:
>>>> As you can see, the keytab is there, with correct permissions to read by root.
>>>>
>>>> root@goku:~# /etc/init.d/nfs-common restart
>>>> Stopping NFS common utilities: gssd idmapd statd.
>>>> Starting NFS common utilities: statd idmapd gssd.
>>>>
>>>> root@goku:~# /etc/init.d/nfs-kernel-server restart
>>>> Stopping NFS kernel daemon: mountd svcgssd nfsd.
>>>> Unexporting directories for NFS kernel daemon....
>>>> Exporting directories for NFS kernel daemon....
>>>> Starting NFS kernel daemon: nfsd svcgssd failed!
>>>>
>>>> root@goku:~# tail /var/log/syslog
>>>> Feb 11 18:29:45 goku kernel: [ 2266.025197] nfsd: last server has
>>>> exited, flushing export cache
>>>> Feb 11 18:29:46 goku kernel: [ 2267.119699] svc: failed to register
>>>> lockdv1 RPC service (errno 97).
>>>> Feb 11 18:29:46 goku kernel: [ 2267.121318] NFSD: Using
>>>> /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
>>>> Feb 11 18:29:46 goku kernel: [ 2267.122284] NFSD: starting 90-second
>>>> grace period
>>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: ERROR: GSS-API: error in
>>>> gss_acquire_cred(): Unspecified GSS failure.  Minor code may provide
>>>> more information - Key table entry not found
>>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: unable to obtain root
>>>> (machine) credentials
>>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: do you have a keytab entry for
>>>> nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
>>>>
>>>> root@goku:~# ls -l /etc/krb5.keytab
>>>> -rw-r----- 1 root openldap 1210 feb 11 11:11 /etc/krb5.keytab
>>>>
>>>> root@goku:~# klist -k
>>>> Keytab name: WRFILE:/etc/krb5.keytab
>>>> KVNO Principal
>>>> ---- --------------------------------------------------------------------------
>>>>   2 host/goku.example.com@xxxxxxxxxxx
>>>>   2 host/goku.example.com@xxxxxxxxxxx
>>>>   2 host/goku.example.com@xxxxxxxxxxx
>>>>   2 host/goku.example.com@xxxxxxxxxxx
>>>>   2 ldap/goku.example.com@xxxxxxxxxxx
>>>>   2 ldap/goku.example.com@xxxxxxxxxxx
>>>>   2 ldap/goku.example.com@xxxxxxxxxxx
>>>>   2 ldap/goku.example.com@xxxxxxxxxxx
>>>>   4 nfs/goku.example.com@xxxxxxxxxxx
>>>>   4 nfs/goku.example.com@xxxxxxxxxxx
>>>>   4 nfs/goku.example.com@xxxxxxxxxxx
>>>>   4 nfs/goku.example.com@xxxxxxxxxxx
>>>>
>>>>
>>>> Is it a bug? An incompatibility between my package versions? A
>>>> configuration problem? Any idea?
>>>>
>>>>
>>>> Thank you. Best regards.
>>>
>>> First, with this kernel version, you should only have one keytab entry
>>> for nfs/goku.example.com with a DES key.  (You don't show the
>>> enctypes, but I see you have 4 keys for nfs.)  You won't hit this
>>> problem until you get past the other error.
>>>
>>> Make sure the reverse look-up for your server's host returns the
>>> correct name.  (Matching the name in the keytab, "goku.example.com")
>>>
>>> Perhaps send a copy of /etc/hosts and your /etc/krb5.conf to see what
>>> might be misconfigured.
>>>
>>> K.C.
>>>
>>
>>
>>
>> --
>> [*] CeR / Arturo Borrero Gonzalez [*]
>>
>>
>



-- 
[*] CeR / Arturo Borrero Gonzalez [*]
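
Added example (not part of the original thread): an offline model of the forward/reverse name check recommended above, run against the /etc/hosts posted in the thread. It assumes files-only lookup semantics (first matching line wins, the first name on a line is canonical), takes the realm from the posted krb5.conf, and uses a constructed FIXED_HOSTS sample; a real host also consults DNS according to nsswitch.conf.

```python
# Constructed sample: the /etc/hosts from the thread (IPv6 lines omitted).
HOSTS = """\
127.0.0.1       localhost goku goku.example.com nfs.example.com
10.0.0.1        goku goku.example.com
10.0.0.1        nfs.example.com
"""
# Constructed alternative: the FQDN comes first on the host's own address line.
FIXED_HOSTS = """\
127.0.0.1       localhost
10.0.0.1        goku.example.com goku
"""

def parse_hosts(text):
    """Return [(address, [names...])] in file order, ignoring comments."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries

def forward(entries, name):
    """First line listing `name` wins, as with a files-only lookup."""
    for addr, names in entries:
        if name.lower() in (n.lower() for n in names):
            return addr
    return None

def reverse(entries, addr):
    """Canonical name is the first name on the first line for `addr`."""
    for a, names in entries:
        if a == addr:
            return names[0]
    return None

def check_principal(entries, principal):
    """Compare the host part of service/host@REALM with forward+reverse lookup."""
    host = principal.split("@", 1)[0].split("/", 1)[1]
    addr = forward(entries, host)
    canon = reverse(entries, addr) if addr else None
    ok = canon is not None and canon.lower() == host.lower()
    return {"host": host, "address": addr, "canonical": canon, "consistent": ok}

if __name__ == "__main__":
    # Realm taken from default_realm in the posted krb5.conf.
    for label, text in (("thread", HOSTS), ("fixed", FIXED_HOSTS)):
        print(label, check_principal(parse_hosts(text), "nfs/goku.example.com@EXAMPLE.COM"))
```

With the posted file, the keytab name goku.example.com resolves to 127.0.0.1 and back to "localhost", so the name the host sees for itself does not match the nfs/goku.example.com keytab entry.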