On Fri, 2 Jul 2010, Louis Lagendijk wrote:

> On Fri, 2010-07-02 at 11:27 -0700, James A. Peltier wrote:
>> Hi All,
>
>> To support NFSv4 with Kerberos security, we also need to generate service
>> principal for NFS:
>>
>> [r...@aconite ~]# net -U administrator ads keytab add nfs
>>
>> which then looks like this
>>
>> [r...@aconite ~]# klist -k
>> Keytab name: FILE:/etc/krb5.keytab
>> KVNO Principal
>> ---- --------------------------------------------------------------------------
>>     3 host/aconite.my.ad.n...@my.ad.name
>>     3 host/aconite.my.ad.n...@my.ad.name
>>     3 host/aconite.my.ad.n...@my.ad.name
>>     3 host/acon...@my.ad.name
>>     3 host/acon...@my.ad.name
>>     3 host/acon...@my.ad.name
>>     3 aconi...@my.ad.name
>>     3 aconi...@my.ad.name
>>     3 aconi...@my.ad.name
>>     3 nfs/aconite.my.ad.n...@my.ad.name
>>     3 nfs/aconite.my.ad.n...@my.ad.name
>>     3 nfs/aconite.my.ad.n...@my.ad.name
>>     3 nfs/acon...@my.ad.name
>>     3 nfs/acon...@my.ad.name
>>     3 nfs/acon...@my.ad.name
>>
> did you create the keytab on the CLIENT also?

Do you mean did I run the net ads keytab add nfs on the client?  If so, the 
answer is yes.  I've even tried mounting the NFS export directly from the 
NFS server.

> is rpc.gssd running on the client?
> rpc.svc.gssd on the server?

Yes and Yes.

> so you most likely do not have a keytab on the client.

I do, but I'm not sure it is correct.  If you are doing it, can you please 
provide me some sample output to compare your server/client keytabs to 
mine?

> Using kerberos is not simple....

I'm getting that picture. :)

-- 
James A. Peltier
Systems Analyst (FASNet), VIVARIUM Technical Director
HPC Coordinator
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax     : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca
           http://blogs.sfu.ca/people/jpeltier
MSN     : subatomic_s...@hotmail.com

TEAMWORK
  There's power in numbers.  Learn to work together.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
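
An added example, not part of the original message: a small shell check that reads `klist -k` output and reports whether the host/ and nfs/ principals for a given FQDN and realm are present, so the same check can be run on the client and on the server and the results compared. The function name, the host name client1.example.test and the realm EXAMPLE.TEST are constructed placeholders, and checking exactly these two service types is an assumption based on the listing quoted above.

```shell
#!/bin/sh
# Added example: audit `klist -k` output (read on stdin) for the service
# principals an NFSv4/Kerberos host needs. FQDN and REALM are arguments.
check_keytab() {
    awk -v fqdn="$1" -v realm="$2" '
        # Data rows are "<KVNO> <principal>"; header and rule lines are skipped.
        NF == 2 && $1 ~ /^[0-9]+$/ {
            keys[$2]++                              # rows (keys) per principal
            if ($1 + 0 > top[$2] + 0) top[$2] = $1  # newest key version seen
        }
        END {
            rc = 0
            n = split("host nfs", svc, " ")
            for (i = 1; i <= n; i++) {
                p = svc[i] "/" fqdn "@" realm
                if (p in keys)
                    printf "OK      %s kvno=%s keys=%d\n", p, top[p], keys[p]
                else {
                    printf "MISSING %s\n", p
                    rc = 1
                }
            }
            exit rc
        }'
}

# Constructed sample (placeholder names): nfs/ exists only in short-name form.
sample_keytab() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   3 host/client1.example.test@EXAMPLE.TEST
   3 host/client1.example.test@EXAMPLE.TEST
   3 host/client1@EXAMPLE.TEST
   2 nfs/client1@EXAMPLE.TEST
EOF
}

sample_keytab | check_keytab client1.example.test EXAMPLE.TEST \
    || echo "keytab is missing a required principal"
```

On a real host, feed it the live listing instead of the sample: `klist -k | check_keytab "$(hostname -f)" YOUR.REALM`.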
