problems with sec=krb5
Kevin Coffman
kwc at citi.umich.edu
Wed Mar 28 12:20:11 EDT 2007
On 3/28/07, Rohit Kumar Mehta <rohitm at engr.uconn.edu> wrote:
>
> I did create it in AD and add it to the /etc/krb5.keytab.
>
Your keytab looks OK (assuming that lone nfs key is des-cbc-crc)
("klist -e -k" as root)

Your krb5.conf file looks OK.

What version of nfs-utils are you using and what options are you
specifying to gssd? If you have a newer version of nfs-utils and
are using a memory credentials cache, that may explain why the
krb5cc_machine_REALM ccache is not being seen in /tmp. If that is the
case, you might drop the "-M" option temporarily until we figure out the
problem.

It would be interesting to see what kind of service ticket the client
is requesting. Could you get a network trace from the client with
traffic between it and both the KDC and the NFS server? Get the trace
from gssd startup through the mount attempt.

tcpdump -s0 -w /tmp/gssd.pcap host KDC-HOST or host NFS-SERVER

K.C.
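
The keytab check suggested in the message above ("klist -e -k" as root, looking for a lone nfs key that is des-cbc-crc) can be scripted. This is an added example, not part of the original post: it assumes the MIT Kerberos `klist` listing layout, the function names are hypothetical, and the sample listing with its host and realm names is constructed.

```shell
#!/bin/sh
# Constructed sample of `klist -e -k` output (MIT Kerberos layout assumed);
# host and realm names are placeholders, not values from the thread.
sample_keytab_listing() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/client.example.com@EXAMPLE.COM (ArcFour with HMAC/md5)
   3 nfs/client.example.com@EXAMPLE.COM (DES cbc mode with CRC-32)
EOF
}

# Read a keytab listing on stdin and print "kvno<TAB>principal<TAB>enctype"
# for every nfs/ service key; header lines and other principals are skipped.
nfs_keys() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^nfs\// {
        kvno = $1; princ = $2
        # Strip kvno and principal; what remains is the "(enctype)" text.
        sub(/^[ \t]*[0-9]+[ \t]+[^ \t]+[ \t]*/, "")
        gsub(/^\(|\)$/, "")
        print kvno "\t" princ "\t" $0
    }'
}

# Exit status: 0 = a lone nfs/ key that is des-cbc-crc (what the reply assumes),
#              1 = nfs/ keys present but not matching that, 2 = no nfs/ key.
# Both spellings of the enctype that MIT klist has used are accepted.
check_nfs_keys() {
    nfs_keys | awk -F'\t' '
        { n++ }
        $3 == "DES cbc mode with CRC-32" || $3 == "des-cbc-crc" { des++ }
        END {
            if (n == 0) exit 2
            if (n == 1 && des == 1) exit 0
            exit 1
        }'
}

# Demonstration on the constructed sample. On a real client, run as root:
#   klist -e -k | check_nfs_keys
if sample_keytab_listing | check_nfs_keys; then
    echo "keytab holds a single nfs/ key with des-cbc-crc"
fi
```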