LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Enterprise Linux Forums > Linux - Enterprise
Reload this Page Kerberized NFS without a keytab file (CentOS/Gentoo)
User Name
Password
Linux - Enterprise This forum is for all items relating to using Linux in the Enterprise.

Notices

Reply
 
LinkBack Search this Thread
Old 05-27-2010, 02:49 PM   #1
Jessard
Member
 
Registered: Jun 2005
Location: Boston, USA
Distribution: Gentoo, CentOS
Posts: 82

Rep: Reputation: 16
Kerberized NFS without a keytab file (CentOS/Gentoo)

I'm having trouble mounting a kerberized NFS share on Gentoo that works just fine from CentOS. I can mount other NFS shares (with NFS option sec=sys), and I can get kerberos tickets for my own username. But, when I try to put it all together (with sec=krb5), it won't mount.

The problem seems to be a missing krb5.keytab file. CentOS complains about it with warnings, but continues anyway, as the man pages say it should. Faced with the same situation, Gentoo throws errors in place of warnings and refuses to even try. Both have the same krb5.conf and relevant fstab lines. I've tried explicitly setting verify_ap_req_nofail to false, but it doesn't help. (Continuing with warnings is supposed to be the default anyway, from what I understand.) Any suggestions?

verbose rpc.gssd output On CentOS:

Code:
Using keytab file '/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab
'/etc/krb5.keytab'
ERROR: No usable keytab entries found in keytab '/etc/krb5.keytab'
Do you have a valid keytab entry for nfs/<your.host>@<YOUR.REALM> in keytab
file /etc/krb5.keytab ?
Continuing without (machine) credentials - nfs4 mounts with Kerberos will fail
destroying client clnt5
handling krb5 upcall
Using keytab file '/etc/krb5.keytab'
WARNING: Failed to obtain machine credentials for connection to server
netapp.example.com
doing error downcall
handling krb5 upcall
Using keytab file '/etc/krb5.keytab'
WARNING: Failed to obtain machine credentials for connection to server
netapp.example.com
doing error downcall
verbose rpc.gssd output on Gentoo:

Code:
beginning poll
destroying client clnt11
handling krb5 upcall
Full hostname for 'netapp.example.com' is 'netapp.example.com'
Full hostname for 'localhost' is 'localhost'
No such file or directory while getting keytab entry for 'root/localhost@AD.EXAMPLE.COM'
No such file or directory while getting keytab entry for 'nfs/localhost@AD.EXAMPLE.COM'
No such file or directory while getting keytab entry for 'host/localhost@AD.EXAMPLE.COM'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
No such file or directory while getting keytab entry for 'root/localhost@example.com'
No such file or directory while getting keytab entry for 'nfs/localhost@example.com'
No such file or directory while getting keytab entry for 'host/localhost@example.com'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host netapp.example.com
ERROR: No credentials found for connection to server netapp.example.com
doing error downcall
handling krb5 upcall
Full hostname for 'netapp.example.com' is 'netapp.example.com'
Full hostname for 'localhost' is 'localhost'
No such file or directory while getting keytab entry for 'root/localhost@AD.EXAMPLE.COM'
No such file or directory while getting keytab entry for 'nfs/localhost@AD.EXAMPLE.COM'
No such file or directory while getting keytab entry for 'host/localhost@AD.EXAMPLE.COM'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
No such file or directory while getting keytab entry for 'root/localhost@example.com'
No such file or directory while getting keytab entry for 'nfs/localhost@example.com'
No such file or directory while getting keytab entry for 'host/localhost@example.com'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host netapp.example.com
ERROR: No credentials found for connection to server netapp.example.com
doing error downcall
handling krb5 upcall
Full hostname for 'netapp.example.com' is 'netapp.example.com'
Full hostname for 'localhost' is 'localhost'
No such file or directory while getting keytab entry for 'root/localhost@AD.EXAMPLE.COM'
No such file or directory while getting keytab entry for 'nfs/localhost@AD.EXAMPLE.COM'
No such file or directory while getting keytab entry for 'host/localhost@AD.EXAMPLE.COM'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
No such file or directory while getting keytab entry for 'root/localhost@example.com'
No such file or directory while getting keytab entry for 'nfs/localhost@example.com'
No such file or directory while getting keytab entry for 'host/localhost@example.com'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: No such file or directory while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host netapp.example.com
ERROR: No credentials found for connection to server netapp.example.com
doing error downcall
destroying client clnt10
destroying client clntf
exiting on signal 2
P.S. I should have thought about the fact that I'm asking about using Gentoo in the Enterprise forum... feel free to say so if this thread should be moved
Last edited by Jessard; 05-27-2010 at 03:06 PM. Reason: Irony
 
  


Reply

Tags
nfs


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
NFS+VMware unable to install CentOs from nfs foottuns Linux - Networking 1 11-21-2009 08:53 PM
LXer: Install CentOS 5 DomU on CentOS 5 Dom0(64 bit) from NFS share LXer Syndicated Linux News 0 11-09-2007 03:41 AM
kerberized ssh window client can't authenticate to kerberized Linux SSH server celeron Linux - Software 0 04-11-2007 05:36 AM
Keytab files for VT220 and SCO ANSI dm79246 Linux - General 0 01-24-2007 10:34 AM
KDE konsole - Gnome-terminal language encoding or keytab thk33 Linux - Software 3 09-19-2004 03:59 PM


All times are GMT -5. The time now is 04:27 PM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration