A little encouragement with Kerberos for NFS
Andrew B. Young
andrew at an3e.org
Mon Jul 10 16:52:09 EDT 2006
Dear Kevin,
I am using the rpms--
[root at ns3 ~]# rpm --query --all | grep nfs
nfs-utils-1.0.8-2.fc5
nfs-utils-lib-1.0.8-4.FC5
system-config-nfs-1.3.19-1
Following receipt of your last email I tried Sun's documentation on
gsscred--
http://docs.sun.com/app/docs/doc/816-4557/6maosrjle?a=view
but gsscred is not installed (don't know if it's in any of the FC5 rpms.)
I also tried added the following in the KDC conf
|-- /etc/krb5.conf------------
| [auth_to_local_names]
| nfs/ns2.an3e.org = nfsnobody
Neither helped; still getting--
Jul 10 13:39:44 ns3 rpc.svcgssd[2781]: WARNING: get_ids: unable to map
name 'nfs/ns2.an3e.org at AN3E.ORG' to a uid
The Sun documentation states that that server will try to map the
principle to a uid, but I note there is no user "nfs" in the
distribution. I have not tried to create one, which would be similar to
nfsnobody. I may try this next.
Thanks,
Andrew
Kevin Coffman wrote:
> Hi Andrew,
> Thanks for the output. It is helpful.
>
>> [root at ns3 ~]# exportfs -a
>> gss/krb5:/var/lib/music: Cannot allocate memory
>
> I don't what this means, but ...
>
>
>>
>> [root at ns3 log]# tail messages
>> ...
>> Jul 10 09:41:04 ns3 rpc.svcgssd[10950]: WARNING: get_ids: unable to map
>> name 'nfs/ns2.an3e.org at AN3E.ORG' to a uid
>> ...
>
> This means that the server was unable to map the gss principal name
> 'nfs/ns2.an3e.org at AN3E.ORG' into a local uid/gid. If you are are
> working with source code versions of nfs-utils, etc., I can give you
> a patch to get by this error. Otherwise, if you are working with FC5
> rpms we can figure out how to proceed.
>
> K.C.
More information about the NFSv4
mailing list