nfs4+krb mount on client - if 'hostname' returns fqdn mount doesn't work
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| nfs-utils (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
I have problem with mountning NFS4 file with Kerberos security ( I can mount without Kerberos security)
Both test machines run Ubuntu-saucy
I have the nfs4 server which joined to AD with ‘msktutil’ :
Server’s /etc/krb5.keytab
klist –ke
Keytab name: FILE:/etc/
KVNO Principal
---- -------
3 SERVER$@DOMAIN.ORG (arcfour-hmac)
3 SERVER$@DOMAIN.ORG (aes128-
3 SERVER$@DOMAIN.ORG (aes256-
3 <email address hidden> (arcfour-hmac)
3 <email address hidden> (aes128-
3 <email address hidden> (aes256-
3 <email address hidden> (arcfour-hmac)
3 <email address hidden> (aes128-
3 <email address hidden> (aes256-
Then, joined client machine to AD with ‘realm’ command:
alongina@client:~$ sudo realm join --verbose -U USER --computer-ou OU="Linux computers"
[sudo] password for alongina:
* Resolving: _ldap._
* Performing LDAP DSE lookup on: 10.144.5.17
* Performing LDAP DSE lookup on: 10.144.5.18
* Successfully discovered: domain.org
Password for USER:
* Unconditionally checking packages
* Resolving required packages
* Installing necessary packages: samba-common-bin
* LANG=C LOGNAME=root /usr/bin/net -s /var/cache/
Enter USER's password:
DNS update failed!
Using short domain name – AAA-BBB
Joined 'CLIENT' to dns domain 'domain.org'
No DNS domain configured for client. Unable to perform DNS Update.
* LANG=C LOGNAME=root /usr/bin/net -s /var/cache/
Enter USER's password:
* /usr/sbin/
update-rc.d: /etc/init.d/sssd: file does not exist
* /usr/sbin/service sssd restart
sssd stop/waiting
sssd start/running, process 3597
* Successfully enrolled machine in realm
=======
klist –ke
Keytab name: FILE:/etc/
KVNO Principal
---- -------
4 <email address hidden> (des-cbc-crc)
4 <email address hidden> (des-cbc-md5)
4 <email address hidden> (aes128-
4 <email address hidden> (aes256-
4 <email address hidden> (arcfour-hmac)
4 <email address hidden> (des-cbc-crc)
4 <email address hidden> (des-cbc-md5)
4 <email address hidden> (aes128-
4 <email address hidden> (aes256-
4 <email address hidden> (arcfour-hmac)
4 CLIENT$@DOMAIN.ORG (des-cbc-crc)
4 CLIENT$@DOMAIN.ORG (des-cbc-md5)
4 CLIENT$@DOMAIN.ORG (aes128-
4 CLIENT$@DOMAIN.ORG (aes256-
4 CLIENT$@DOMAIN.ORG (arcfour-hmac)
=======
root@client:
mount.nfs4: access denied by server while mounting server.
client:
/var/log/syslog
eb 11 16:00:39 client rpc.gssd[708]: handling gssd upcall (/run/rpc_
Feb 11 16:00:39 client rpc.gssd[708]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=
Feb 11 16:00:39 client rpc.gssd[708]: handling krb5 upcall (/run/rpc_
Feb 11 16:00:39 client rpc.gssd[708]: process_
Feb 11 16:00:39 client rpc.gssd[708]: Full hostname for 'server.domain.org' is 'server.domain.org'
Feb 11 16:00:39 client rpc.gssd[708]: Full hostname for 'client.domain.org' is 'client.domain.org'
Feb 11 16:00:39 client rpc.gssd[708]: No key table entry found for CLIENT.
Feb 11 16:00:39 client rpc.gssd[708]: No key table entry found for <email address hidden> while getting keytab entry for '<email address hidden>'
Feb 11 16:00:39 client rpc.gssd[708]: No key table entry found for <email address hidden> while getting keytab entry for '<email address hidden>'
Feb 11 16:00:39 client rpc.gssd[708]: Success getting keytab entry for '<email address hidden>'
Feb 11 16:00:39 client rpc.gssd[708]: WARNING: Client not found in Kerberos database while getting initial ticket for principal '<email address hidden>' using keytab 'FILE:/
Feb 11 16:00:39 client rpc.gssd[708]: ERROR: No credentials found for connection to server server.domain.org
Feb 11 16:00:39 client rpc.gssd[708]: doing error downcall
Is it mismatch with encryption typs?
Problem with DNS ?
Client machine is missing reverse addresse in DNS…
host client.domain.org
client.domain.org has address 10.80.8.54
| tags: | added: saucy |
