Linux client kerberos problem with attempted nfsv4 connection...

Lord of the Union foo at foo.com
Fri May 20 22:16:34 EDT 2005


Hi,

 > May 20 11:04:43 client rpc.gssd[6442]: WARNING: Cannot find KDC for
 > requested realm while getting initial ticket for principal
 > 'nfs/client.bu.edu at AD.BU.EDU' from keytab 'FILE:/etc/krb5.keytab'

The above error could be a key to the problem.Can you please post the 
krb5.conf? Also verify that the KDC is being resolved correctly to full 
qualified domain name correctly.

            = Ram Marti


Jeffrey C Albro wrote:
> I'm trying to create a krb5 authenticated nfsv4 connection from a Linux 
> Fedora core 3 client to a NetApp filer server. 
> 
> The trick is, the NetApp is running kerbors connected to a Windows AD 
> KDC...
> 
> I've created a keytab for the client with a principal of:
> 
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ---- 
> --------------------------------------------------------------------------
>    4 nfs/client.bu.edu at AD.BU.EDU
> 
> 
> On the client a mount attempt gives
> 
> client:~# mount -tnfs4 -o sec=krb5 server.bu.edu:/vol/unix_share 
> /mnt/unix_share
> mount: block device server.bu.edu:/vol/unix_share is write-protected, 
> mounting read-only
> mount: cannot mount block device server.bu.edu:/vol/unix_share read-only
> 
> Mounting without the -o sec=krb5 works fine.
> 
> Heres where I need help...  I get the following suspicous messages in 
> /var/log/messages:
> 
> May 20 11:04:43 client rpc.gssd[6442]: WARNING: Cannot find KDC for 
> requested realm while getting initial ticket for principal 
> 'nfs/client.bu.edu at AD.BU.EDU' from keytab 'FILE:/etc/krb5.keytab'
> 
> and
> 
> May 20 11:04:43 client rpc.gssd[6442]: WARNING: Failed to obtain 
> machine credentials for connection to server server.bu.edu
> 
> The first one is wierd as I have krb5.conf set up, have joined the domain
> with samba, and can kinit an AD account just fine.
> 
> I've googled these errors with no luck.  I'm also working with nfsv4 and 
> netapp people on it, but I thought I would give this list a try as well.
> 
> Anyone have any ideas?
> 
> Thanks!
> 
> -Jeff
> 
> 
> -----------------------------------------------------------
> Jeffrey Albro | Systems Administrator | Boston University
>    - Department of Electrical and Computer Engineering -
> jalbro at bu.edu |  Photonics, Room 305  | 617-358-2785
> -----------------------------------------------------------
> 
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 


More information about the Kerberos mailing list