Hi Wolfgang, On Sa 15 Mär 2014 11:31:12 CET, Wolfgang Schweer wrote:
On Wed, Mar 12, 2014 at 05:53:40PM +0900, nigel barker wrote:On 12 March 2014 17:22, Petter Reinholdtsen <pere@hungry.com> wrote: > running this as root: > > /usr/lib/debian-edu-config/testsuite/automount > success: /usr/lib/debian-edu-config/testsuite/automount: automount is running. /usr/lib/debian-edu-config/testsuite/automount: 28: cd: can't cd to /skole/tjener/home0/ error: /usr/lib/debian-edu-config/testsuite/automount: unable to cd into /skole/tjener/home0/ (is DNS name of this machine in required netgroup?) > Perhaps there is something about any problems in /var/log/syslog? this appears a lot: Mar 12 17:42:35 ws30 rpc.gssd[2033]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab' Mar 12 17:42:35 ws30 rpc.gssd[2033]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host tjener.intern Mar 12 17:42:35 ws30 rpc.gssd[2033]: ERROR: No credentials found for connection to server tjener.internLooks like the krb5_machine_credential is required. This worked for me in a virtual box test environment (ltspserver01 running with bpo kernel 3.12): (1) As root on tjener execute kadmin to create Kerberos machine account (enter root pw when prompted): kadmin: ank -randkey host/ltspserver01.intern$ kadmin: ank -randkey nfs/ltspserver01.intern$ kadmin: ktadd -randkey host/ltspserver01.intern$ kadmin: ktadd -randkey host/ltspserver01.intern$ kadmin: q (2) Check if this worked ok: klist -kt should show something like this: Keytab name: FILE:/etc/krb5.keytab KVNO Timestamp Principal---- ------------------- ------------------------------------------------------2 29.10.2013 21:38:59 host/tjener.intern@INTERN 2 29.10.2013 21:38:59 host/tjener.intern@INTERN 2 29.10.2013 21:38:59 host/tjener.intern@INTERN 2 29.10.2013 21:38:59 host/tjener.intern@INTERN 2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN 2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN 2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN 2 29.10.2013 21:38:59 nfs/tjener.intern@INTERN 2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN 2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN 2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN 2 29.10.2013 21:38:59 cifs/tjener.intern@INTERN 2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN 2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN 2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN 2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN 2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN 2 15.03.2014 10:16:21 nfs/ltspserver01.intern$@INTERN 2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN 2 15.03.2014 10:16:33 host/ltspserver01.intern$@INTERN (2) scp /etc/krb5.keytab ltspserver01:/etc Please note that mounting will not work if root logs in, as root has no Kerberos TGT. So /skole/tjener/home0 will only be mounted if an ordinary user logs in. My environment had been modified before for other tests - so maybe you'll have to do something else as well. I guess this might be an issue for d-e jessie... Wolfgang
Ohooooh... This will become quite a problem on diskless workstations (that naturally do not have per-machine unique machine credentials).
Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
Attachment:
pgpj748ETE53V.pgp
Description: Digitale PGP-Signatur