Newbie nfsv4 debian, netapp
Frédéric Goudal
frederic.goudal at ipb.fr
Fri Oct 25 03:06:02 EDT 2013
Ok, you are right.
What I did was mount.nfs4 -o sec=krb5
But the correct command is
mount -t nfs -o "vers=4,sec=krb5"
THe result is :
Oct 25 08:47:02 kerberos krb5kdc[2631](info): AS_REQ (2 etypes {16 17}) 147.210.18.37: NEEDED_PREAUTH: nfs/client.fqdnr at IPB.FR for krbtgt/DO.M at DO.M, Additional pre-authentication required
Oct 25 08:47:02 kerberos krb5kdc[2631](info): AS_REQ (2 etypes {16 17}) 147.210.18.37: ISSUE: authtime 1382683622, etypes {rep=16 tkt=18 ses=16}, nfs/client.fqdnr at DO.M for krbtgt/DO.M at DO.M
Oct 25 08:47:03 kerberos krb5kdc[2631](info): TGS_REQ (2 etypes {16 17}) 147.210.18.37: ISSUE: authtime 1382683622, etypes {rep=16 tkt=18 ses=16}, nfs/client.fqdnr at DO.M for nfs/serv.fqdn at DO.M
So as far as I understand it seemst that the service ticket to access the nfs server is delivered.
But on the netapp filer I have
Kerberos: encryption type 18 not supported
>From what I read in the netapp doc it seems that the netapp does only support des + crc encryption
I tried to remove all but (des-cbc-crc) encryption in the /etc/krb5.keytab on the client for the nfs/client principal
but the kerberos server does not go further thant needed_preauth...
I guess I have something to do in the configuration so that dec encryption can be used ?
f.g.
Le 25 oct. 2013 à 08:14, Tom_Krauss <thomas.krauss at itserv.de> a écrit :
> You probably do not mount kerberized at all.
> Use "mount -o sec=krb5 ..." or change the clients defaults.
>
> Hth
>
>
>
> --
> View this message in context: http://kerberos.996246.n3.nabble.com/Newbie-nfsv4-debian-netapp-tp38752p38761.html
> Sent from the Kerberos - General mailing list archive at Nabble.com.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list