Linux client kerberos problem with attempted nfsv4 connection...
Jeffrey C Albro
jalbro at bu.edu
Fri May 20 13:32:47 EDT 2005
I'm trying to create a krb5 authenticated nfsv4 connection from a Linux
Fedora core 3 client to a NetApp filer server.
The trick is, the NetApp is running kerbors connected to a Windows AD
KDC...
I've created a keytab for the client with a principal of:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
4 nfs/client.bu.edu at AD.BU.EDU
On the client a mount attempt gives
client:~# mount -tnfs4 -o sec=krb5 server.bu.edu:/vol/unix_share
/mnt/unix_share
mount: block device server.bu.edu:/vol/unix_share is write-protected,
mounting read-only
mount: cannot mount block device server.bu.edu:/vol/unix_share read-only
Mounting without the -o sec=krb5 works fine.
Heres where I need help... I get the following suspicous messages in
/var/log/messages:
May 20 11:04:43 client rpc.gssd[6442]: WARNING: Cannot find KDC for
requested realm while getting initial ticket for principal
'nfs/client.bu.edu at AD.BU.EDU' from keytab 'FILE:/etc/krb5.keytab'
and
May 20 11:04:43 client rpc.gssd[6442]: WARNING: Failed to obtain
machine credentials for connection to server server.bu.edu
The first one is wierd as I have krb5.conf set up, have joined the domain
with samba, and can kinit an AD account just fine.
I've googled these errors with no luck. I'm also working with nfsv4 and
netapp people on it, but I thought I would give this list a try as well.
Anyone have any ideas?
Thanks!
-Jeff
-----------------------------------------------------------
Jeffrey Albro | Systems Administrator | Boston University
- Department of Electrical and Computer Engineering -
jalbro at bu.edu | Photonics, Room 305 | 617-358-2785
-----------------------------------------------------------
More information about the Kerberos
mailing list