[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: home0 not mounted after kernel upgrade

Hi Wolfgang,

On  Sa 15 Mär 2014 11:31:12 CET, Wolfgang Schweer wrote:


On Wed, Mar 12, 2014 at 05:53:40PM +0900, nigel barker wrote:

On 12 March 2014 17:22, Petter Reinholdtsen <pere@hungry.com> wrote:
> running this as root:
>
>   /usr/lib/debian-edu-config/testsuite/automount
>

success: /usr/lib/debian-edu-config/testsuite/automount: automount is
running. /usr/lib/debian-edu-config/testsuite/automount: 28: cd: can't
cd to /skole/tjener/home0/ error:
/usr/lib/debian-edu-config/testsuite/automount: unable to cd into
/skole/tjener/home0/ (is DNS name of this machine in required
netgroup?)


> Perhaps there is something about any problems in /var/log/syslog?

this appears a lot:

Mar 12 17:42:35 ws30 rpc.gssd[2033]: ERROR: Key table file
'/etc/krb5.keytab' not found while beginning keytab scan for keytab
'FILE:/etc/krb5.keytab' Mar 12 17:42:35 ws30 rpc.gssd[2033]: ERROR:
gssd_refresh_krb5_machine_credential: no usable keytab entry found in
keytab /etc/krb5.keytab for connection with host tjener.intern Mar 12
17:42:35 ws30 rpc.gssd[2033]: ERROR: No credentials found for
connection to server tjener.intern


Looks like the krb5_machine_credential is required.

This worked for me in a virtual box test environment (ltspserver01
running with bpo kernel 3.12):

(1) As root on tjener execute kadmin to create Kerberos machine account
(enter root pw when prompted):

kadmin: ank -randkey host/ltspserver01.intern$
kadmin: ank -randkey nfs/ltspserver01.intern$
kadmin: ktadd -randkey host/ltspserver01.intern$
kadmin: ktadd -randkey host/ltspserver01.intern$
kadmin: q


(2) Check if this worked ok:

klist -kt should show something like this:

Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------ 
   2 29.10.2013 21:38:59 host/tjener.intern@INTERN
   2 29.10.2013 21:38:59 host/tjener.intern@INTERN
   2 29.10.2013 21:38:59 host/tjener.intern@INTERN
   2 29.10.2013 21:38:59 host/tjener.intern@INTERN
   2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN
   2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN
   2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN
   2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN
   2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN
   2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN
   2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN
   2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN
   2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN
   2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN
   2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN
   2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN
   2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN
   2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN
   2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN
   2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN

(2) scp /etc/krb5.keytab ltspserver01:/etc

Please note that mounting will not work if root logs in, as root has no
Kerberos TGT. So /skole/tjener/home0 will only be mounted if an
ordinary user logs in.

My environment had been modified before for other tests - so maybe
you'll have to do something else as well.

I guess this might be an issue for d-e jessie...

Wolfgang
Ohooooh... This will become quite a problem on diskless workstations (that naturally do not have per-machine unique machine credentials). 

Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgpj748ETE53V.pgp
Description: Digitale PGP-Signatur

Reply to: