Re: Solaris 10, secure nfs, permission denied

2008-05-21 Thread Jeff Blaine
Will, you're a little too helpful :) I'm not ready to reply to the list and provide the summary of what the solution to my original post was. Strange that you are ... for me! A bit premature. Using short hostnames did not solve the problem. Fixing /var/krb5 on the single box that was missing

Re: Solaris 10, secure nfs, permission denied

2008-05-21 Thread Will Fiveash
On Wed, May 21, 2008 at 12:27:27PM -0400, Jeff Blaine wrote: Will, you're a little too helpful :) I'm not ready to reply to the list and provide the summary of what the solution to my original post was. Strange that you are ... for me! A bit premature. Using short hostnames did not

Re: Solaris 10, secure nfs, permission denied

2008-05-21 Thread Will Fiveash
On Wed, May 21, 2008 at 12:46:34PM -0500, Will Fiveash wrote: On Tue, May 20, 2008 at 05:17:11PM -0500, Will Fiveash wrote: Second, the nodename/hostname associated with a Solaris system should be short form. For example when running the /usr/bin/hostname command the output should be

Re: Solaris 10, secure nfs, permission denied

2008-05-20 Thread Will Fiveash
As a follow on to this, it looks like the problem is system configuration issues. For one, these errors reported by pkgchk -n indicate a major problem in that these are system directories, without which Solaris Kerberos will not function. ERROR: /var/krb5 pathname does not exist ERROR:

Re: Solaris 10, secure nfs, permission denied

2008-05-19 Thread Jeff Blaine
In general it looks like it should be working. Can you do the sudo share -F nfs -o sec=krb5,rw=crete:barnowl /usr sudo mount -F nfs -o sec=krb5 barnowl:/usr /mnt /:barnowl sudo share -F nfs -o sec=krb5,rw=crete:barnowl /usr /:barnowl sudo mount -F nfs -o sec=krb5 barnowl:/usr /mnt nfs

Re: Solaris 10, secure nfs, permission denied

2008-05-19 Thread Borislav_S
According to the log below and your klist output you have not performed step 2a from the How to Access a Kerberos Protected NFS File System as the root User section here http://docs.sun.com/app/docs/doc/816-4557/setup-148?a=view. It is also listed as an optional step 6b in the How to Manually

Re: Solaris 10, secure nfs, permission denied

2008-05-19 Thread Will Fiveash
On Mon, May 19, 2008 at 01:15:48PM -0700, Borislav_S wrote: According to the log below and your klist output you have not performed step 2a from the How to Access a Kerberos Protected NFS File System as the root User section here http://docs.sun.com/app/docs/doc/816-4557/setup-148?a=view. It

Re: Solaris 10, secure nfs, permission denied

2008-05-16 Thread Will Fiveash
On Thu, May 15, 2008 at 08:55:31PM -0400, Jeff Blaine wrote: Okay, well, according to the docs, I don't see that I am doing anything wrong. Here's a load of info showing the situation and the resulting KDC info. In general it looks like it should be working. Can you do the sudo share -F nfs

Solaris 10, secure nfs, permission denied

2008-05-15 Thread Jeff Blaine
If anyone has any idea what I am doing wrong here, please chime in. ~:barnowl uname -a SunOS barnowl.foo.com 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V240 ~:barnowl sudo klist -e -k /etc/krb5.keytab | grep nfs 3 nfs/[EMAIL PROTECTED] (DES cbc mode with CRC-32) 4 nfs/[EMAIL

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Douglas E. Engert
Jeff Blaine wrote: If anyone has any idea what I am doing wrong here, please chime in. ~:barnowl uname -a SunOS barnowl.foo.com 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V240 ~:barnowl sudo klist -e -k /etc/krb5.keytab | grep nfs 3 nfs/[EMAIL PROTECTED] (DES cbc mode with

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Jeff Blaine
Heh, so much for sanitizing email before I send it out. Everything is mitre.org. Ignore the foo.com. They all match. Why does barnowl have a keytab entry for crete in its keytab? Just me screwing around. Should be irrelevant. Could be hostname and principal don't match: crete.foo.com !=

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Kevin Coffman
On Thu, May 15, 2008 at 12:55 PM, Jeff Blaine [EMAIL PROTECTED] wrote: If anyone has any idea what I am doing wrong here, please chime in. ~:barnowl uname -a SunOS barnowl.foo.com 5.10 Generic_127127-11 sun4u sparc SUNW,Sun-Fire-V240 ~:barnowl sudo klist -e -k /etc/krb5.keytab | grep nfs

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Jeff Blaine
It looks like maybe you tried to hide some details, but didn't get them all? Does your real DNS domain match your REALM name? If not, does your krb5.conf (/etc/krb5/krb5.conf) properly map the hosts' domain(s) to your realm? Yes *sigh* :( Everything works properly outside of this

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Will Fiveash
On Thu, May 15, 2008 at 12:55:15PM -0400, Jeff Blaine wrote: If anyone has any idea what I am doing wrong here, please chime in. Have you followed the steps documented in the Configuring Kerberos NFS Servers and Configuring Kerberos Clients sections in: http://docs.sun.com/app/docs/doc/816-4557

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Will Fiveash
On Thu, May 15, 2008 at 01:48:03PM -0400, Kevin Coffman wrote: BTW, there is no need to limit Solaris 10 hosts to DES-only keys. That is a current Linux limitation. As long as your Solaris server has a DES key (along with keys for stronger enctypes), the Linux client should be able to

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Jeff Blaine
Will Fiveash wrote: On Thu, May 15, 2008 at 12:55:15PM -0400, Jeff Blaine wrote: If anyone has any idea what I am doing wrong here, please chime in. Have you followed the steps documented in the Configuring Kerberos NFS Servers and Configuring Kerberos Clients sections in:

Re: Solaris 10, secure nfs, permission denied

2008-05-15 Thread Jeff Blaine
Okay, well, according to the docs, I don't see that I am doing anything wrong. Here's a load of info showing the situation and the resulting KDC info. PS: The catted example krb5.conf at http://docs.sun.com/app/docs/doc/816-4557/setup-148?a=view is missing a closing brace for gkadmin in