Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   Config for NFSv4 an Kerberos on CentOS 5.1 (http://www.linux-archive.org/centos/97454-config-nfsv4-kerberos-centos-5-1-a.html)

Sebastian Marten 05-29-2008 01:34 PM

Config for NFSv4 an Kerberos on CentOS 5.1
 
Hi list,
Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
I set up Kerberos and NFS but get several erros

"Warning: rpc.gssd appears not to be running.
mount.nfs4: Permission denied"

Is this an CentOS oder an config problem?

Greetings
Sebastian

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Barry Brimer 05-29-2008 02:04 PM

Config for NFSv4 an Kerberos on CentOS 5.1
 
Quoting Sebastian Marten <sebi4711@gmail.com>:

> Hi list,
> Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
> I set up Kerberos and NFS but get several erros
>
> "Warning: rpc.gssd appears not to be running.
> mount.nfs4: Permission denied"
>
> Is this an CentOS oder an config problem?

Yes.

Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your kerberos principal created with:
"addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
Was your keytab entry created with:
"ktadd -e des-cbc-md5:normal nfs/server.domain.com"
Do you have gss/krb5p just before the nfs options in parentheses?

Hope this helps.

Barry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Sebastian Marten 05-30-2008 06:54 AM

Config for NFSv4 an Kerberos on CentOS 5.1
 
Hi,

Barry Brimer schrieb:

Quoting Sebastian Marten <sebi4711@gmail.com>:


Hi list,
Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
I set up Kerberos and NFS but get several erros

"Warning: rpc.gssd appears not to be running.
mount.nfs4: Permission denied"

Is this an CentOS oder an config problem?


Yes.

Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your kerberos principal created with:
"addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
Was your keytab entry created with:
"ktadd -e des-cbc-md5:normal nfs/server.domain.com"
Do you have gss/krb5p just before the nfs options in parentheses?



I've done all this + add princs for the host. (tested with ds and
ds.example.lan)


I get this error:
ds rpc.svcgssd[4686]: ERROR: GSS-API: error in gss_acquire_cred():
Unspecified GSS failure. Minor code may provide more information - No
principal in keytab matches desired name

ds rpc.svcgssd[4686]: Unable to obtain credentials for 'nfs'
ds rpc.svcgssd[4686]: unable to obtain root (machine) credentials
ds rpc.svcgssd[4686]: do you have a keytab entry for
nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?


But: kadmin.local listprincs return:

K/M@EXAMPLE.COM
host/ds.example.lan@EXAMPLE.COM
host/ds@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM
kadmin/changepw@EXAMPLE.COM
kadmin/history@EXAMPLE.COM
kadmin/localhost.localdomain@EXAMPLE.COM
krbtgt/EXAMPLE.COM@EXAMPLE.COM
nfs/ds.example.lan@EXAMPLE.COM
nfs/ds@EXAMPLE.COM
root/admin@EXAMPLE.COM
root@EXAMPLE.COM

The hostname is ds.example.lan

/tec/krb5.conf points on the right server.

kinit and klist works

kinit
Password for root@EXAMPLE.COM:
[root@ds ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@EXAMPLE.COM

Valid starting Expires Service principal
05/30/08 08:52:48 05/31/08 08:52:47 krbtgt/EXAMPLE.COM@EXAMPLE.COM


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


There is my problem?



Hope this helps.

Barry





_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Barry Brimer 05-30-2008 12:41 PM

Config for NFSv4 an Kerberos on CentOS 5.1
 
Barry Brimer schrieb:

Quoting Sebastian Marten <sebi4711@gmail.com>:


Hi list,
Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
I set up Kerberos and NFS but get several erros

"Warning: rpc.gssd appears not to be running.
mount.nfs4: Permission denied"

Is this an CentOS oder an config problem?


Yes.

Are you running all of the gss services?
Is portmap running?
Did you uncomment the SECURE_NFS="yes" in /etc/sysconfig/nfs?
Was your kerberos principal created with:
"addprinc -randkey -e des-cbc-md5:normal nfs/server.domain.com"
Was your keytab entry created with:
"ktadd -e des-cbc-md5:normal nfs/server.domain.com"
Do you have gss/krb5p just before the nfs options in parentheses?



I've done all this + add princs for the host. (tested with ds and
ds.example.lan)


Do other kerberized services work on this host?
Does NFS work in non-kerberized mode?

Barry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Louis Lagendijk 05-30-2008 03:09 PM

Config for NFSv4 an Kerberos on CentOS 5.1
 
On Thu, 2008-05-29 at 15:34 +0200, Sebastian Marten wrote:
> Hi list,
> Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
> I set up Kerberos and NFS but get several erros
>
> "Warning: rpc.gssd appears not to be running.
> mount.nfs4: Permission denied"
Yes, NFS4 works with Kerberos on Centos5.
But the kernel only supports es-cbc-crc:normal, so when you add the key
for NFS to the keytab, use:
ktadd -e des-cbc-crc:normal -k /tmp/keytab nfs/myclient.mydomain

>
> Is this an CentOS oder an config problem?
>
config....



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Sebastian Marten 05-30-2008 06:53 PM

Config for NFSv4 an Kerberos on CentOS 5.1
 
Thanks Louis,
Thanks Barry,

With the "-e des-cbc-crc:normal" command it works :)

Sebastian

Louis Lagendijk schrieb:

On Thu, 2008-05-29 at 15:34 +0200, Sebastian Marten wrote:

Hi list,
Is it possible to set up an NFSv4/Kerberos environment on CentOS 5.1?
I set up Kerberos and NFS but get several erros

"Warning: rpc.gssd appears not to be running.
mount.nfs4: Permission denied"

Yes, NFS4 works with Kerberos on Centos5.
But the kernel only supports es-cbc-crc:normal, so when you add the key
for NFS to the keytab, use:
ktadd -e des-cbc-crc:normal -k /tmp/keytab nfs/myclient.mydomain



Is this an CentOS oder an config problem?


config....




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 04:25 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.