Using Active Directory as KDC for NFSv4
Greetings!
I have AD DS installed on Windows Server 2008 R2. Also, I've got SLES 10.3 as an NFSv4 server, which will allow remote users to mount their /home partitions. What I need is NFSv4 w/Kerberos. As the AD server already has an integrated Kerberos server, I need SLES to authenticate against it.
Everything works well, but when it comes to svcgssd service activation, I receive an error.
Here's the log:
/usr/sbin/rpc.svcgssd -f
ERROR: GSS-API: error in gss_acquire_cred(): Miscellaneous failure - No principal in keytab matches desired name
unable to obtain root (machine) credentials
do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
Earlier, I created a proper (well, I think it's a proper one) keytab. An AD user was created and then, on the Windows server, the following ktpass command was executed:
ktpass -princ nfs/hostname.domain.com@DOMAIN.COM -mapuser DOMAIN\username -pass xxxxxxx -ptype KRB5_NT_PRINCIPAL -out krb5.keytab
Then, the resulting krb5.keytab file was put on the SLES server, but I still receive the same error.
That's what "klist -k /etc/krb5.keytab" shows:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
------------
8 nfs/ip-10-243-1-2.domain.com@DOMAIN.COM
The domain name was changed due to security measures =) But it appears to be right.
What can cause such a problem?
Thank you.
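
The rpc.svcgssd error above asks whether /etc/krb5.keytab holds an entry for nfs/<your.host>@<YOUR.REALM>. As an added example (not part of the original post), this Python sketch parses a keytab in file format 0x0502 and compares its principals with that expected name; `check_nfs_principal`, `make_entry` and the sample bytes are constructed for illustration, and the FQDN passed in is assumed to be the name the NFS server uses for itself.

```python
import struct

def _counted(data, p):                     # uint16 length, then that many bytes
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n].decode(), p + 2 + n

def parse_keytab(data):
    """Return [(kvno, 'service/host@REALM'), ...] from a format 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos -= size
            continue
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp)
        p += 8                             # skip name type and timestamp
        kvno = data[p]                     # 8-bit kvno, then enctype, then key
        (klen,) = struct.unpack_from(">H", data, p + 3)
        p += 5 + klen
        if pos + size - p >= 4:            # optional 32-bit kvno, used if non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append((kvno, "/".join(comps) + "@" + realm))
        pos += size
    return entries

def check_nfs_principal(data, fqdn, realm):
    """Is nfs/<fqdn>@<REALM> in the keytab? Principal names are case-sensitive."""
    want = "nfs/%s@%s" % (fqdn, realm)
    have = [name for _, name in parse_keytab(data)]
    if want in have:
        return "match"
    return "case-mismatch" if want.lower() in [n.lower() for n in have] else "missing"

def make_entry(principal, kvno, key=b"\x00" * 16):   # constructed record, dummy key
    name, realm = principal.split("@")
    comps = name.split("/")
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, 23, len(key)) + key
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)

SAMPLE = b"\x05\x02" + make_entry("nfs/ip-10-243-1-2.domain.com@DOMAIN.COM", 8)  # constructed
```

To run the same check against a real file, pass `open("/etc/krb5.keytab", "rb").read()` as `data` together with the server's own FQDN and realm.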