[CentOS] Config for NFSv4 an Kerberos on CentOS 5.1
Sebastian Marten
sebi4711 at gmail.com
Fri May 30 06:54:48 UTC 2008
Hi,
Barry Brimer schrieb:
> Quoting Sebastian Marten <sebi4711 at gmail.com>:
>
>> Hi list,
>> Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
>> I set up Kerberos and NFS but get several erros
>>
>> "Warning: rpc.gssd appears not to be running.
>> mount.nfs4: Permission denied"
>>
>> Is this an CentOS oder an config problem?
>
> Yes.
>
> Are you running all of the gss services?
> Is portmap running?
> Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
> Was your kerberos principal created with:
> "addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
> Was your keytab entry created with:
> "ktadd -e des-cbc-md5:normal nfs/server.domain.com"
> Do you have gss/krb5p just before the nfs options in parentheses?
>
I've done all this + add princs for the host. (tested with ds and
ds.example.lan)
I get this error:
ds rpc.svcgssd[4686]: ERROR: GSS-API: error in gss_acquire_cred():
Unspecified GSS failure. Minor code may provide more information - No
principal in keytab matches desired name
ds rpc.svcgssd[4686]: Unable to obtain credentials for 'nfs'
ds rpc.svcgssd[4686]: unable to obtain root (machine) credentials
ds rpc.svcgssd[4686]: do you have a keytab entry for
nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
But: kadmin.local listprincs return:
K/M at EXAMPLE.COM
host/ds.example.lan at EXAMPLE.COM
host/ds at EXAMPLE.COM
kadmin/admin at EXAMPLE.COM
kadmin/changepw at EXAMPLE.COM
kadmin/history at EXAMPLE.COM
kadmin/localhost.localdomain at EXAMPLE.COM
krbtgt/EXAMPLE.COM at EXAMPLE.COM
nfs/ds.example.lan at EXAMPLE.COM
nfs/ds at EXAMPLE.COM
root/admin at EXAMPLE.COM
root at EXAMPLE.COM
The hostname is ds.example.lan
/tec/krb5.conf points on the right server.
kinit and klist works
kinit
Password for root at EXAMPLE.COM:
[root at ds ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root at EXAMPLE.COM
Valid starting Expires Service principal
05/30/08 08:52:48 05/31/08 08:52:47 krbtgt/EXAMPLE.COM at EXAMPLE.COM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
There is my problem?
> Hope this helps.
>
> Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 542 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20080530/13fcd479/attachment.sig>
More information about the CentOS
mailing list