Kerberos contexts - definition?
Derek Warren
warren at sfu.ca
Wed Aug 29 13:46:15 EDT 2012
On 2012-08-27, at 12:49 PM, steve wrote:
> BTW, does mounting with Kerberized nfs3 work? It may help narrow down
> the problem.
Hmm, I wasn't even aware that was possible. I just tried this and wound up with the same rpc.gssd error:
> WARNING: Failed to create krb5 context for user with uid 56055 for server nfsserver.example.com
On 2012-08-27, at 2:51 PM, Nico Williams wrote:
> Did you setup the SPNs in AD properly?
I believe so, but I would be delighted to hear of anything I could correct.
# net ads join createupn="nfs/nfsserver.example.com at AD.EXAMPLE.COM" createcomputer="OU" -U $BINDUSER%$BINDPASSWD
# net ads keytab add nfs
After these two steps, here's how the servicePrincipalName attribute for the NFSSERVER$ computer object looks in our Win2K8 R2 AD:
HOST/NFSSERVER
HOST/nfsserver.example.com
NFS/nfsserver
NFS/nfsserver.example.com
NFS/NFSSERVER.EXAMPLE.COM/nfsserver
NFS/NFSSERVER.EXAMPLE.COM/nfsserver.example.com
Looks the same for nfsclient.example.com.
Does that look right?
Many thanks,
--
Derek Warren, IT Services, Research Computing Group, Simon Fraser University
More information about the Kerberos
mailing list