Newbie nfsv4 debian, netapp

Frédéric Goudal frederic.goudal at ipb.fr
Fri Oct 25 03:06:02 EDT 2013


Ok, you are right.

What I did was mount.nfs4 -o sec=krb5 
But the correct command is 
mount -t nfs -o "vers=4,sec=krb5"

THe result is : 

Oct 25 08:47:02 kerberos krb5kdc[2631](info): AS_REQ (2 etypes {16 17}) 147.210.18.37: NEEDED_PREAUTH: nfs/client.fqdnr at IPB.FR for krbtgt/DO.M at DO.M, Additional pre-authentication required
Oct 25 08:47:02 kerberos krb5kdc[2631](info): AS_REQ (2 etypes {16 17}) 147.210.18.37: ISSUE: authtime 1382683622, etypes {rep=16 tkt=18 ses=16}, nfs/client.fqdnr at DO.M for krbtgt/DO.M at DO.M
Oct 25 08:47:03 kerberos krb5kdc[2631](info): TGS_REQ (2 etypes {16 17}) 147.210.18.37: ISSUE: authtime 1382683622, etypes {rep=16 tkt=18 ses=16}, nfs/client.fqdnr at DO.M for nfs/serv.fqdn at DO.M

So as far as I understand it seemst that the service ticket to access the nfs server is delivered.

But on the netapp filer I have 
Kerberos: encryption type 18 not supported

>From what I read in the netapp doc it seems that the netapp does only support des + crc encryption

I tried to remove all but (des-cbc-crc) encryption in the /etc/krb5.keytab on the client for the nfs/client principal
but the kerberos server does not go further thant needed_preauth...

I guess I have something to do in the configuration so that dec encryption can be used ?

f.g.


Le 25 oct. 2013 à 08:14, Tom_Krauss <thomas.krauss at itserv.de> a écrit :

> You probably do not mount kerberized at all.
> Use "mount -o sec=krb5 ..." or change the clients defaults.
> 
> Hth
> 
> 
> 
> --
> View this message in context: http://kerberos.996246.n3.nabble.com/Newbie-nfsv4-debian-netapp-tp38752p38761.html
> Sent from the Kerberos - General mailing list archive at Nabble.com.
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list