I've followed the the Solaris guide "http://rc.quest.com/topics/howto/nfs/solaris.php".
I've got two hosts nfsserver.domain.com and nfsclient.domain.com. Both running RHEL5.5 x86_64.
I've exported my volumes like so:
/data *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,fsid=0)
/data/homes *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,nohide,anonuid=65534,anongid=65534)
/data/shares *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,nohide,anonuid=65534,anongid=65534)
I can mount them if I remove the krb5 option, so I know the syntax is correct.
here are my SPNs:
NFS Client:
nfs/nfsclient.domain.com
host/nfsclient.domain.com
NFS Server:
nfs/nfsserver.domain.com
host/nfsserver.domin.com
here are my UPNs:
for nfsserver.domain.com
nfs/nfsserver.domain.com@DOMAIN.COM
for nfsclient.domain.com
nfs/nfsclient.domain.com@DOMAIN.COM
I've symlinked vas.conf with krb5.conf and host.keytab with krb5.keytab.
rpc.gssd sees a valid ticket:
Credentials in CC 'MEMORY:/tmp/krb5cc_machine_DOMAIN.COM' are good until 1278569005
rpc.idmapd logging shows it detects domain.com as its domain, however I'm not getting any mapping. rpc.gssd logging in /var/log/messages shows the following whenever a user attempts to mount the export:
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: rpcsec_gss: gss_init_sec_context: (major) Unspecified GSS failure. Minor code may provide more information - (minor) Unknown code krb5 7
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 for server nfsserver.domain.com
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 with credentials cache MEMORY:/tmp/krb5cc_machine_DOMAIN.COM for server nfsserver.domain.com
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 with any credentials cache for server nfsserver.domain.com
the mount command output is "permission denied".
Any help would be awesome!!!!!!!!!!
I've got two hosts nfsserver.domain.com and nfsclient.domain.com. Both running RHEL5.5 x86_64.
I've exported my volumes like so:
/data *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,fsid=0)
/data/homes *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,nohide,anonuid=65534,anongid=65534)
/data/shares *(sec=krb5,rw,insecure,sync,wdelay,no_subtree_check,nohide,anonuid=65534,anongid=65534)
I can mount them if I remove the krb5 option, so I know the syntax is correct.
here are my SPNs:
NFS Client:
nfs/nfsclient.domain.com
host/nfsclient.domain.com
NFS Server:
nfs/nfsserver.domain.com
host/nfsserver.domin.com
here are my UPNs:
for nfsserver.domain.com
nfs/nfsserver.domain.com@DOMAIN.COM
for nfsclient.domain.com
nfs/nfsclient.domain.com@DOMAIN.COM
I've symlinked vas.conf with krb5.conf and host.keytab with krb5.keytab.
rpc.gssd sees a valid ticket:
Credentials in CC 'MEMORY:/tmp/krb5cc_machine_DOMAIN.COM' are good until 1278569005
rpc.idmapd logging shows it detects domain.com as its domain, however I'm not getting any mapping. rpc.gssd logging in /var/log/messages shows the following whenever a user attempts to mount the export:
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: rpcsec_gss: gss_init_sec_context: (major) Unspecified GSS failure. Minor code may provide more information - (minor) Unknown code krb5 7
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 for server nfsserver.domain.com
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 with credentials cache MEMORY:/tmp/krb5cc_machine_DOMAIN.COM for server nfsserver.domain.com
Jul 7 13:40:01 nfsclient rpc.gssd[2310]: WARNING: Failed to create krb5 context for user with uid 0 with any credentials cache for server nfsserver.domain.com
the mount command output is "permission denied".
Any help would be awesome!!!!!!!!!!