Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several errors:
"Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied"
Is this a CentOS or a config problem?
Greetings Sebastian
Quoting Sebastian Marten sebi4711@gmail.com:
Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several errors:
"Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied"
Is this a CentOS or a config problem?
Yes.
Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your Kerberos principal created with: "addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"?
Was your keytab entry created with: "ktadd -e des-cbc-md5:normal nfs/server.domain.com"?
Do you have gss/krb5p just before the nfs options in parentheses?
Hope this helps.
Barry
Hi,
Barry Brimer wrote:
Quoting Sebastian Marten sebi4711@gmail.com:
Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several errors:
"Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied"
Is this a CentOS or a config problem?
Yes.
Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your Kerberos principal created with: "addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"?
Was your keytab entry created with: "ktadd -e des-cbc-md5:normal nfs/server.domain.com"?
Do you have gss/krb5p just before the nfs options in parentheses?
I've done all this and added principals for the host (tested with ds and ds.example.lan).
I get this error:
ds rpc.svcgssd[4686]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name
ds rpc.svcgssd[4686]: Unable to obtain credentials for 'nfs'
ds rpc.svcgssd[4686]: unable to obtain root (machine) credentials
ds rpc.svcgssd[4686]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
But kadmin.local listprincs returns:
K/M@EXAMPLE.COM
host/ds.example.lan@EXAMPLE.COM
host/ds@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM
kadmin/changepw@EXAMPLE.COM
kadmin/history@EXAMPLE.COM
kadmin/localhost.localdomain@EXAMPLE.COM
krbtgt/EXAMPLE.COM@EXAMPLE.COM
nfs/ds.example.lan@EXAMPLE.COM
nfs/ds@EXAMPLE.COM
root/admin@EXAMPLE.COM
root@EXAMPLE.COM
The hostname is ds.example.lan
/etc/krb5.conf points to the right server.
kinit and klist work:
kinit
Password for root@EXAMPLE.COM:
[root@ds ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@EXAMPLE.COM
Valid starting     Expires            Service principal
05/30/08 08:52:48  05/31/08 08:52:47  krbtgt/EXAMPLE.COM@EXAMPLE.COM
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Where is my problem?
Hope this helps.
Barry
Barry Brimer wrote:
Quoting Sebastian Marten sebi4711@gmail.com:
Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several errors:
"Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied"
Is this a CentOS or a config problem?
Yes.
Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your Kerberos principal created with: "addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"?
Was your keytab entry created with: "ktadd -e des-cbc-md5:normal nfs/server.domain.com"?
Do you have gss/krb5p just before the nfs options in parentheses?
I've done all this and added principals for the host (tested with ds and ds.example.lan).
Do other kerberized services work on this host? Does NFS work in non-kerberized mode?
Barry
On Thu, 2008-05-29 at 15:34 +0200, Sebastian Marten wrote:
Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several errors:
"Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied"
Yes, NFS4 works with Kerberos on CentOS 5. But the kernel only supports des-cbc-crc:normal, so when you add the key for NFS to the keytab, use:
ktadd -e des-cbc-crc:normal -k /tmp/keytab nfs/myclient.mydomain
Is this a CentOS or a config problem?
config....
Thanks Louis, Thanks Barry,
With the "-e des-cbc-crc:normal" command it works :)
Sebastian
Louis Lagendijk wrote:
On Thu, 2008-05-29 at 15:34 +0200, Sebastian Marten wrote:
Hi list, Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? I set up Kerberos and NFS but get several errors:
"Warning: rpc.gssd appears not to be running. mount.nfs4: Permission denied"
Yes, NFS4 works with Kerberos on CentOS 5. But the kernel only supports des-cbc-crc:normal, so when you add the key for NFS to the keytab, use:
ktadd -e des-cbc-crc:normal -k /tmp/keytab nfs/myclient.mydomain
Is this a CentOS or a config problem?
config....
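
Added example, not part of the original thread: a shell check for the two failures discussed above, a missing nfs/<fqdn> keytab entry and an nfs key stored with an enctype other than des-cbc-crc. It reads `klist -k -e` output on stdin; the function name, the sample keytab listings and the enctype label strings matched are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_nfs_keytab FQDN REALM   (reads `klist -k -e` output on stdin)
# Prints: ok | wrong-enctype | missing
check_nfs_keytab() {
    want="nfs/$1@$2"
    awk -v want="$want" '
        $2 == want {
            found = 1
            # The enctype is the parenthesised tail of the line. Older MIT
            # releases print a long description, newer ones the short name.
            if ($0 ~ /\((DES cbc mode with CRC-32|des-cbc-crc)\)/) ok = 1
        }
        END {
            if (ok) print "ok"
            else if (found) print "wrong-enctype"
            else print "missing"
        }'
}

# Constructed sample: nfs key added with des-cbc-md5 only.
sample_md5_only() { cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   2 host/ds.example.lan@EXAMPLE.COM (Triple DES cbc mode with HMAC/sha1)
   2 nfs/ds.example.lan@EXAMPLE.COM (DES cbc mode with RSA-MD5)
EOF
}

# Constructed sample: nfs key added with "ktadd -e des-cbc-crc:normal".
sample_crc() { cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------------------------------
   3 nfs/ds.example.lan@EXAMPLE.COM (DES cbc mode with CRC-32)
EOF
}

# Offline demonstration on the constructed samples.
sample_md5_only | check_nfs_keytab ds.example.lan EXAMPLE.COM
sample_crc      | check_nfs_keytab ds.example.lan EXAMPLE.COM
# Short hostname requested, but only the FQDN entry exists in the keytab.
sample_crc      | check_nfs_keytab ds EXAMPLE.COM
```

On a live host, pipe `klist -k -e /etc/krb5.keytab` into the function instead of a sample.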