Hello everyone,I need some help debugging a NFSv3 + KRB5 + PAT (Port Address Translation) problem.
We have two hosts behind a firewall and an NFSv3 server outside requiring KRB5 authentication.
1) Client_NAT is using NAT (network address translation), 2) Client_PAT is using PAT (port address translation) to reach the NFSv3 server through the firewall. Both clients are configured identically in terms of Kerberos and so on. Mounting an NFSv3 share now fails on Client_PAT with the message: RPC: server SERVERNAME requires stronger authentication. On Client_NAT, mounting succeeds.We strongly suspect the port address translation to be the reason for the failure, but would need help confirming this and advice on how to fix it.
Please find here the RPC debug logs from Client_NAT: http://pastebin.com/9RANqVgY Client_PAT: http://pastebin.com/TiscNVqW Here is a DIFF between the two: http://pastebin.com/wCg7WyYd I'm grateful for any help on this problem! Best regards, Joschi Brauchle -- Dipl.-Ing. Joschi Brauchle, M.S. Institute for Communications Engineering (LNT) Technische Universitaet Muenchen (TUM) 80290 Munich, Germany Tel (work): +49 89 289-23474 Fax (work): +49 89 289-23490 E-mail: joschi.brauchle@xxxxxx Web: http://www.lnt.ei.tum.de/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
