Re: kvno X not found in keytab; ticket is likely out of date

Mon, 22 Jul 2019 06:18:12 -0700 

Unfortunately it’s likely to take some experimentation. My starting point would 
be on each client, unmount the file system, maybe delete /tmp/krb5ccmachine*, 
restart rpc.gssd, and remount.

> On Jul 22, 2019, at 6:22 AM, Laura Smith <n5d9xq3ti233xiyif...@protonmail.ch> 
> wrote:
> 
> Ok, I hold my hand up, I messed up.  So the question is, how do I get myself 
> out of this mess ?
> 
> A summary of how I got here:
> • I have an NFS server and a bunch of clients connecting and auth using krb5.
> • This was all working beautifully.... until today.
> • Through an act of pure fat-fingered stupidity, I ran "addprinc -randkey 
> nfs/name.of.nfs.server" when setting up a new NFS client (i.e used server 
> name instead of client name).
> • Now everything is broken (none of the NFS clients can connect to the server 
> and I am seeing the error messages below on the NFS server).
> • keytab on NFS server only had credentials for NFS server, so I deleted the 
> keytab and created a new one through ktadd
> • that didnt' work.  a reboot of the NFS server didn't work.
> 
> Summary ?  I'm up a smelly creek without a paddle !
> 
> Messages on NFS server:
> 
> 2019-07-22T11:01:35.075247+01:00 foo rpc.svcgssd[847]: ERROR: GSS-API: error 
> in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS 
> failure.  Minor code may provide more information) - Request ticket server 
> nfs/foo.example....@example.corp kvno 3 not found in keytab; ticket is likely 
> out of date
> 2019-07-22T11:01:39.460944+01:00 foo rpc.svcgssd[847]: message repeated 41 
> times: [ ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): 
> GSS_S_FAILURE (Unspecified GSS failure.  Minor code may provide more 
> information) - Request ticket server nfs/foo.example....@example.corp kvno 3 
> not found in keytab; ticket is likely out of date]
> 
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to