[23917] in Kerberos
Linux client kerberos problem with attempted nfsv4 connection...
daemon@ATHENA.MIT.EDU (Jeffrey C Albro)
Fri May 20 13:33:34 2005
Date: Fri, 20 May 2005 13:32:47 -0400 (EDT)
From: Jeffrey C Albro <jalbro@bu.edu>
To: kerberos@mit.edu
Message-ID: <Pine.LNX.4.58.0505201323510.19288@signals10.bu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: kerberos-bounces@mit.edu
I'm trying to create a krb5 authenticated nfsv4 connection from a Linux
Fedora core 3 client to a NetApp filer server.
The trick is, the NetApp is running kerbors connected to a Windows AD
KDC...
I've created a keytab for the client with a principal of:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
----
--------------------------------------------------------------------------
4 nfs/client.bu.edu@AD.BU.EDU
On the client a mount attempt gives
client:~# mount -tnfs4 -o sec=krb5 server.bu.edu:/vol/unix_share
/mnt/unix_share
mount: block device server.bu.edu:/vol/unix_share is write-protected,
mounting read-only
mount: cannot mount block device server.bu.edu:/vol/unix_share read-only
Mounting without the -o sec=krb5 works fine.
Heres where I need help... I get the following suspicous messages in
/var/log/messages:
May 20 11:04:43 client rpc.gssd[6442]: WARNING: Cannot find KDC for
requested realm while getting initial ticket for principal
'nfs/client.bu.edu@AD.BU.EDU' from keytab 'FILE:/etc/krb5.keytab'
and
May 20 11:04:43 client rpc.gssd[6442]: WARNING: Failed to obtain
machine credentials for connection to server server.bu.edu
The first one is wierd as I have krb5.conf set up, have joined the domain
with samba, and can kinit an AD account just fine.
I've googled these errors with no luck. I'm also working with nfsv4 and
netapp people on it, but I thought I would give this list a try as well.
Anyone have any ideas?
Thanks!
-Jeff
-----------------------------------------------------------
Jeffrey Albro | Systems Administrator | Boston University
- Department of Electrical and Computer Engineering -
jalbro@bu.edu | Photonics, Room 305 | 617-358-2785
-----------------------------------------------------------
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
