[CentOS] Kerberos + NFSv4 difficulties
Miguel Di Ciurcio Filho
miguel at ic.unicamp.br
Thu Dec 3 11:37:01 UTC 2009
Dan Burkland wrote:
>
> d. SECURE_NFS = “yes”
>
Uncomment this lines for a more much more verbose logging in
/etc/sysconfig/nfs:
RPCGSSDARGS="-vvv"
RPCSVCGSSDARGS="-vvv"
>
> a. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: ERROR: GSS-API: error in
> gss_acquire_cred(): Unspecified GSS failure. Minor code may provide
> more information - No principal in keytab matches desired name
>
> b. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: Unable to obtain
> credentials for 'nfs'
>
> c. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: unable to obtain root
> (machine) credentials
>
> d. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: do you have a keytab
> entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
>
Double check your /etc/krb5.keytab. On the server it must have the
nfs/server.exemple.net key and on the client it must have
nfs/client.exemple.net.
In idmapd.conf, leave it as the default:
[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
Believe me, I've tried to understand[1] why Domain must be "localdomain"
but I've no been lucky.
Regards,
Miguel
[1] http://linux-nfs.org/pipermail/nfsv4/2009-September/011369.html
More information about the CentOS
mailing list