A little encouragement with Kerberos for NFS

Andrew B. Young andrew at an3e.org
Mon Jul 17 15:04:24 EDT 2006 

Terry, I am successfully running now thanks to Kevin's help.  Since 
Kevin's patches are not yet available as an FC5 update I downloaded, 
built, and installed all the libraries by hand:

nfs-utils-1.0.9.tar
libnfsidmap-0.16.tar
librpcsecgss-0.13.tar
libgssapi-0.10.tar
Plus yum install  libevent-devel-1.1a-3.2
Plus ln -s libnfsidmap.so.0 libnfsidmap.so in /usr/lib

It was time consuming, and you may need more dependencies depending on 
your base, but straightforward.  I ran into more trouble with the usage 
paradigm of NFSv4.  Call if you want more info.

Cheers,
Andrew B. Young                 Voice:  +1-650-859-2298
Research Engineer               Cell:   +1-650-380-5778
SRI International               Fax:    +1-650-322-2318
333 Ravenswood Avenue


Terry Figel wrote:
> Is there any new news on this?
> I am using Fedora Core 5 and ran yum update....
> So I have the same rpms, and the same error message
> Jul 17 10:18:50 ldap rpc.svcgssd[2723]: WARNING: get_ids: unable to 
> map name 'nfs/monitor5.cse.ucsc.edu at SOE.UCSC.EDU' to a uid
> I was thinking I was going to Back out the Rpm updates, and install 
> this set:
> nfs-utils-1.0.7-8
> system-config-nfs-1.3.10-1
>
>
> Andrew B. Young wrote:
>> Dear Kevin,
>>
>> I am using the rpms--
>>  [root at ns3 ~]# rpm --query --all | grep nfs
>>  nfs-utils-1.0.8-2.fc5
>>  nfs-utils-lib-1.0.8-4.FC5
>>  system-config-nfs-1.3.19-1
>>
>> Following receipt of your last email I tried Sun's documentation on 
>> gsscred--
>>  http://docs.sun.com/app/docs/doc/816-4557/6maosrjle?a=view
>> but gsscred is not installed (don't know if it's in any of the FC5 
>> rpms.)
>>
>> I also tried added the following in the KDC conf
>> |-- /etc/krb5.conf------------
>> |  [auth_to_local_names]
>> |  nfs/ns2.an3e.org = nfsnobody
>>
>> Neither helped; still getting--
>>  Jul 10 13:39:44 ns3 rpc.svcgssd[2781]: WARNING: get_ids: unable to 
>> map name 'nfs/ns2.an3e.org at AN3E.ORG' to a uid
>>
>> The Sun documentation states that that server will try to map the 
>> principle to a uid, but I note there is no user "nfs" in the 
>> distribution.  I have not tried to create one, which would be similar 
>> to nfsnobody.  I may try this next.
>>
>> Thanks,
>> Andrew
>>
>> Kevin Coffman wrote:
>>> Hi Andrew,
>>> Thanks for the output.  It is helpful.
>>>
>>>>   [root at ns3 ~]# exportfs -a
>>>>   gss/krb5:/var/lib/music: Cannot allocate memory
>>>
>>> I don't what this means, but ...
>>>
>>>
>>>>
>>>> [root at ns3 log]# tail messages
>>>> ...
>>>> Jul 10 09:41:04 ns3 rpc.svcgssd[10950]: WARNING: get_ids: unable to 
>>>> map
>>>> name 'nfs/ns2.an3e.org at AN3E.ORG' to a uid
>>>> ...
>>>
>>> This means that the server was unable to map the gss principal name
>>> 'nfs/ns2.an3e.org at AN3E.ORG' into a local uid/gid.  If you are are
>>> working with source code versions of nfs-utils, etc.,  I can give you
>>> a patch to get by this error.  Otherwise, if you are working with FC5
>>> rpms we can figure out how to proceed.
>>>
>>> K.C.
>>
>> _______________________________________________
>> NFSv4 mailing list
>> NFSv4 at linux-nfs.org
>> http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
>
>

More information about the NFSv4 mailing list