Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
Arno Schuring <aelschuring@hotmail.com> писал(а) в своём письме Wed, 16 Nov 2011 23:34:50 +0400:
Kramarenko A. Maksim (Mc.Sim@k-max.name on 2011-11-15 09:51 +0400):
Arno Schuring <aelschuring@hotmail.com> писал(а) в своём письме Tue,
15 Nov 2011 03:30:54 +0400:
[..]
Nov 15 00:06:32 debian rpc.gssd[1730]: Success getting keytab entry
for 'nfs/debian.sag.local@SAG.LOCAL'
Seems good...
=============== ... and server: ===============
The server does not seem to accept the encryption type, or the KDC
(Windows) is rejecting the negotiation. Does the client keytab contain
multiple encryption types (klist -k -e)?
keytab contains all types of encryption supported by Win 2k8 R2:
ARCHIV ~ # klist -ke
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
5 nfs/archiv.sag.local@SAG.LOCAL (des-cbc-crc)
5 nfs/archiv.sag.local@SAG.LOCAL (des-cbc-md5)
5 nfs/archiv.sag.local@SAG.LOCAL (arcfour-hmac)
5 nfs/archiv.sag.local@SAG.LOCAL (aes256-cts-hmac-sha1-96)
5 nfs/archiv.sag.local@SAG.LOCAL (aes128-cts-hmac-sha1-96)
In this case, the ticket machine to have the correct encryption type when mounting:
ARCHIV ~ # klist -e /tmp/krb5cc_machine_SAG.LOCAL
Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL
Default principal: nfs/archiv.sag.local@SAG.LOCAL
Valid starting Expires Service principal
11/15/11 11:12:04 11/15/11 21:12:09 krbtgt/SAG.LOCAL@SAG.LOCAL
renew until 11/16/11 11:12:04, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
11/15/11 11:12:09 11/15/11 21:12:09 nfs/archiv.sag.local@SAG.LOCAL
renew until 11/16/11 11:12:04, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5
Can the server mount itself? Try mounting the exported directories on
the server to see if that works.
Local mount just does not work with the same error: (
You might get more response on linux-nfs@vger.kernel.org
This mailing list I have not received an answer to my question: (
--
Best Regards
Reply to: