help getting kerberized nfs4 mounts working
Rohit Kumar Mehta
rohitm at engr.uconn.edu
Mon May 12 11:19:56 EDT 2008
> Actually, I think you need to have the following entries:
>
> .engr.uconn.edu = ENGR.UCONN.EDU
> .ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
>
> So that client, user.engr.uconn.edu, realizes it is in the
> ENGR.UCONN.EDU realm and the server, filesm.ad.engr.uconn.edu, is in
> the AD.ENGR.UCONN.EDU realm.
>
> K.C.
>
That is what I have: (snippet of krb5.conf follows)
[domain_ream]
.engr.uconn.edu = ENGR.UCONN.EDU
engr.uconn.edu = ENGR.UCONN.EDU
# ad.engr.uconn.edu = ENGR.UCONN.EDU
# .ad.engr.uconn.edu = ENGR.UCONN.EDU
.ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
Also I have set the default_realm in [libdefaults] to AD.ENGR.UCONN.EDU
to force users to authenticate off the Active Directory.
This error persists:
May 12 10:49:46 user rpc.gssd[3534]: Key table entry not found while
getting keytab entry for 'host/user.engr.uconn.edu@AD.ENGR.UCONN.EDU'
In Wireshark I see quite a few error messages from the MIT KDC to the
NFS client with the type (KRB5KRB_ERR_GENERIC). The message looks like
this:
MSG Type: KRB-ERROR (30)
error_code: KRB5KRB_ERR_GENERIC (60)
Client Name (Principal): nfs/user.engr.uconn.edu
Realm: ENGR.UCONN.EDU
Server Name (Unknown): krbtgt/AD.ENGR.UCONN.EDU
e-text: NO PREAUTH
Do you think the version of nfs-utils that ships with Gutsy
(1.1.1~git-20070709-3ubuntu1) could be the problem?
Thanks,
Rohit
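
As an added example (not part of the original post, and not code from krb5 or nfs-utils): a small Python check that reads a krb5.conf fragment, flags section headers that are not standard krb5.conf section names, and resolves which realm [domain_realm] assigns to a host, trying the longest match first. The fragment is copied from the message above with its header as written there; the function names and the known-section list are this example's own assumptions, and library fallbacks when no entry matches are not modelled.

```python
import re

# Standard krb5.conf section names (assumption: the list used by this example).
KNOWN_SECTIONS = {"libdefaults", "realms", "domain_realm", "capaths",
                  "appdefaults", "plugins", "logging"}
# Constructed sample: the fragment from the post, header as written there.
POSTED = """\
[domain_ream]
.engr.uconn.edu = ENGR.UCONN.EDU
engr.uconn.edu = ENGR.UCONN.EDU
# ad.engr.uconn.edu = ENGR.UCONN.EDU
# .ad.engr.uconn.edu = ENGR.UCONN.EDU
.ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
ad.engr.uconn.edu = AD.ENGR.UCONN.EDU
"""

def parse_sections(text):
    """Return {section: {key: value}} for flat 'key = value' sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, value)  # keep the first value of a repeated key
    return sections

def host_realm(sections, host):
    """Longest match first: the host itself, then '.parent', 'parent', and so on."""
    mapping = sections.get("domain_realm", {})
    candidate = host.lower()
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        # Drop a leading dot, otherwise cut back to the next '.parent' suffix.
        cut = 1 if candidate[0] == "." else candidate.find(".")
        candidate = candidate[cut:] if cut != -1 else ""
    return None  # no entry applies; library fallbacks are not modelled here

def report(text, hosts):
    sections = parse_sections(text)
    unknown = sorted(set(sections) - KNOWN_SECTIONS)
    return unknown, {h: host_realm(sections, h) for h in hosts}

if __name__ == "__main__":
    print(report(POSTED, ["user.engr.uconn.edu", "filesm.ad.engr.uconn.edu"]))
```

Running `report` on the file actually installed on the client, for both the client and server host names, shows whether each lands in the realm described in the quoted reply.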