Hi, Barry Brimer schrieb: > Quoting Sebastian Marten <sebi4711 at gmail.com>: > >> Hi list, >> Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1? >> I set up Kerberos and NFS but get several erros >> >> "Warning: rpc.gssd appears not to be running. >> mount.nfs4: Permission denied" >> >> Is this an CentOS oder an config problem? > > Yes. > > Are you running all of the gss services? > Is portmap running? > Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs? > Was your kerberos principal created with: > "addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com" > Was your keytab entry created with: > "ktadd -e des-cbc-md5:normal nfs/server.domain.com" > Do you have gss/krb5p just before the nfs options in parentheses? > I've done all this + add princs for the host. (tested with ds and ds.example.lan) I get this error: ds rpc.svcgssd[4686]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name ds rpc.svcgssd[4686]: Unable to obtain credentials for 'nfs' ds rpc.svcgssd[4686]: unable to obtain root (machine) credentials ds rpc.svcgssd[4686]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab? But: kadmin.local listprincs return: K/M at EXAMPLE.COM host/ds.example.lan at EXAMPLE.COM host/ds at EXAMPLE.COM kadmin/admin at EXAMPLE.COM kadmin/changepw at EXAMPLE.COM kadmin/history at EXAMPLE.COM kadmin/localhost.localdomain at EXAMPLE.COM krbtgt/EXAMPLE.COM at EXAMPLE.COM nfs/ds.example.lan at EXAMPLE.COM nfs/ds at EXAMPLE.COM root/admin at EXAMPLE.COM root at EXAMPLE.COM The hostname is ds.example.lan /tec/krb5.conf points on the right server. kinit and klist works kinit Password for root at EXAMPLE.COM: [root at ds ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: root at EXAMPLE.COM Valid starting Expires Service principal 05/30/08 08:52:48 05/31/08 08:52:47 krbtgt/EXAMPLE.COM at EXAMPLE.COM Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached There is my problem? > Hope this helps. > > Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 542 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20080530/13fcd479/attachment-0005.sig>