-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Dan Burkland
Sent: Thursday, December 03, 2009 11:44 AM
To: CentOS mailing list
Subject: Re: [CentOS] Kerberos + NFSv4 difficulties

-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Miguel Di Ciurcio Filho
Sent: Thursday, December 03, 2009 5:37 AM
To: CentOS mailing list
Subject: Re: [CentOS] Kerberos + NFSv4 difficulties

Dan Burkland wrote:
>
> d. SECURE_NFS = "yes"
>

Uncomment these lines for much more verbose logging in /etc/sysconfig/nfs:

RPCGSSDARGS="-vvv"
RPCSVCGSSDARGS="-vvv"

>
> a. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: ERROR: GSS-API: error in
> gss_acquire_cred(): Unspecified GSS failure. Minor code may provide
> more information - No principal in keytab matches desired name
>
> b. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: Unable to obtain
> credentials for 'nfs'
>
> c. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: unable to obtain root
> (machine) credentials
>
> d. Dec 2 12:16:51 nfs rpc.svcgssd[6018]: do you have a keytab
> entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
>

Double check your /etc/krb5.keytab. On the server it must have the nfs/server.exemple.net key and on the client it must have nfs/client.exemple.net.

In idmapd.conf, leave it as the default:

[General]
Verbosity = 0
Pipefs-Directory = /var/lib/nfs/rpc_pipefs
Domain = localdomain

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch

Believe me, I've tried to understand[1] why Domain must be "localdomain" but I've not been lucky.

Regards,

Miguel

[1] http://linux-nfs.org/pipermail/nfsv4/2009-September/011369.html
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
_______________________________________________

I made the requested changes and when I start the nfs services (/etc/init.d/nfs start) I get the same error messages. I made sure that I have used kinit nfs/nfs.example.net -k -t /etc/krb5.keytab and verified that the principal was loaded by using klist. I have disabled SELINUX & iptables to make sure that neither is interfering with this.

Thanks again for the help!
_______________________________________________

I finally figured out what the heck was causing the problem; it was the following line in my /etc/hosts file:

127.0.0.1 localhost localhost.localdomain nfs.example.net nfs

Once I removed the "nfs.example.net" & "nfs" entries the rpc.svcgssd service started fine.

Regards,
Dan
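
The condition that resolved this thread, written as a check (an added example, not part of the original messages): it reports when a server's own name sits on a loopback line of a hosts file and whether the resulting nfs/<host> principal is in the keytab. It assumes the service principal is looked up under the canonical host name, which for a hosts file is the first name on the matching line; that is an inference about why the error appeared, not something the thread states. The address 192.0.2.10, the realm EXAMPLE.NET and all function names are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the nfs/<host> principal is
# looked up under the canonical name, i.e. the first name on the hosts line.

# canon_name HOSTS NAME -> "ADDRESS CANONICAL" for the first line listing NAME
canon_name() {
    awk -v n="$2" '
        { sub(/#.*/, "") }    # drop comments
        NF >= 2 { for (i = 2; i <= NF; i++) if ($i == n) { print $1, $2; exit } }
    ' "$1"
}

# is_loopback ADDRESS -> succeeds for 127.0.0.0/8 and ::1
is_loopback() {
    case "$1" in 127.*|::1) return 0 ;; *) return 1 ;; esac
}

# expected_principal HOSTS NAME -> nfs/<canonical>, or nfs/NAME if not listed
expected_principal() {
    canon=$(canon_name "$1" "$2" | awk '{ print $2 }')
    printf 'nfs/%s\n' "${canon:-$2}"
}

# diagnose HOSTS NAME PRINCIPALS -> verdict; PRINCIPALS has one principal per
# line (for example distilled from `klist -k /etc/krb5.keytab`).
diagnose() {
    addr=$(canon_name "$1" "$2" | awk '{ print $1 }')
    want=$(expected_principal "$1" "$2")
    if is_loopback "$addr"; then
        echo "WARN: $2 is listed on a loopback line ($addr)"
    fi
    if grep -qF -- "$want@" "$3"; then
        echo "OK: $want is in the keytab"
    else
        echo "FAIL: $want is not in the keytab"; return 1
    fi
}

# Constructed sample data: the hosts line from the thread, a corrected file,
# and a one-entry principal list.
tmp=$(mktemp -d)
printf '127.0.0.1 localhost localhost.localdomain nfs.example.net nfs\n' > "$tmp/bad"
printf '127.0.0.1 localhost localhost.localdomain\n192.0.2.10 nfs.example.net nfs\n' > "$tmp/good"
printf 'nfs/nfs.example.net@EXAMPLE.NET\n' > "$tmp/princs"
diagnose "$tmp/bad"  nfs.example.net "$tmp/princs" || true
diagnose "$tmp/good" nfs.example.net "$tmp/princs"
rm -rf "$tmp"
```

On a real server, point the first argument at /etc/hosts and the second at the machine's fully qualified name.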