Re: [CentOS] Config for NFSv4 an Kerberos on CentOS 5.1

[Sebastian Marten]

Hi,

Barry Brimer schrieb:

Quoting Sebastian Marten <[EMAIL PROTECTED]>:

Hi list,
Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
I set up Kerberos and NFS but get several erros

"Warning: rpc.gssd appears not to be running.
mount.nfs4: Permission denied"

Is this an CentOS oder an config problem?

Yes.

Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your kerberos principal created with:
"addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
Was your keytab entry created with:
"ktadd -e des-cbc-md5:normal nfs/server.domain.com"
Do you have gss/krb5p just before the nfs options in parentheses?

I get this error:

 ds rpc.svcgssd[4686]: Unable to obtain credentials for 'nfs'
 ds rpc.svcgssd[4686]: unable to obtain root (machine) credentials


But: kadmin.local listprincs return:

K/[EMAIL PROTECTED]
host/[EMAIL PROTECTED]
host/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
kadmin/[EMAIL PROTECTED]
krbtgt/[EMAIL PROTECTED]
nfs/[EMAIL PROTECTED]
nfs/[EMAIL PROTECTED]
root/[EMAIL PROTECTED]
[EMAIL PROTECTED]

The hostname is ds.example.lan

/tec/krb5.conf points on the right server.

kinit and klist works

kinit
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting     Expires            Service principal
05/30/08 08:52:48  05/31/08 08:52:47  krbtgt/[EMAIL PROTECTED]


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


There is my problem?

I've done all this + add princs for the host. (tested with ds and ds.example.lan) ds rpc.svcgssd[4686]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure. Minor code may provide more information - No principal in keytab matches desired name ds rpc.svcgssd[4686]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?

Hope this helps.

Barry

signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos