Hey All, I recently have been trying to setup an NFSv4 share that utilizes Kerberos. My experience in general with NFS is very slim however I feel like I am very close to getting this project completed. Currently I have the following things in place: 1) NFS server nfs.example.net (VM#2) - Running CentOS 5.4 with all of the latest updates and NFS-related packages 2) Kerberos KDC running on Kerberos.example.net (VM#1) - Running CentOS 5.4 with all of the latest updates 3) NFS client nfs-client.example.net (VM#3) - Running CentOS 5.4 with all of the latest updates Before I give you the error message I receive when I enable NFS, I'll first describe my setup process. 1) Verified Kerberos works on all machines by attempting a kinit testuser which worked properly. 2) Verified that the clocks on all machines represent the same time (synced using a local NTP server) 3) Created a service principle for nfs.example.net by performing the following commands on the nfs.example.net machine: - (Performed on NFS server) a. kadmin (Logged in as an admin principle) b. addprinc -randkey nfs/nfs.example.net c. ktadd -e des-cbc-crc:normal nfs/nfs.example.net d. quit e. kinit nfs/nfs.example.net -k -t /etc/krb5.keytab f. klist to verify 4) Edited /etc/idmapd.conf with the following changes: - (Performed on NFS server) a. changed Nobody-{User,Group} to nfsnobody b. changed Domain to nfs.example.net 5) Mkdir /nfs/ - (Performed on NFS server) 6) Added the following to /etc/exports - (Performed on NFS server) a. /nfs gss/krb5p(rw,sync,fsid=0) 7) exportfs -rv - (Performed on NFS server) 8) Verified all relevant nfs services were stopped - (Performed on NFS server) 9) Uncommented and made the following changes to /etc/sysconfig/nfs - (Performed on NFS server) a. MOUNTD_NFS_V1="no" b. MOUNTD_NFS_V2="no" c. RPCNFSDARGS="-N 2 -N 3 -U" d. SECURE_NFS = "yes" 10) /etc/init.d/portmap start; /etc/init.d/rpcidmapd start; /etc/init.d/nfs start - (Performed on NFS server) 11) And I receive the following output when the nfs service starts: a. Starting RPC svcgssd: FAILED b. Starting NFS Services: OK c. Starting NFS quotas: OK d. Starting NFS daemon: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory e. NFSD: starting 90-second grace period f. Starting NFS mountd: OK 12) I then checked /var/log/messages to find the following log entries: a. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name b. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: Unable to obtain credentials for 'nfs' c. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: unable to obtain root (machine) credentials d. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab? I seem to be stuck at this point and would appreciate your insight. Thank you, Dan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20091202/e57df663/attachment-0004.html>