Hello. I have been trying to set up a local-teachpurpose-server at home.
My enviroment: debian squeeze KVM/libvirt machine, with 2.6.32-5-amd64 kernel.
When restarting services with the correct configuration, i get this:
As you can see, the keytab is there, with correct permissions to read by root.
root@goku:~# /etc/init.d/nfs-common restart
Stopping NFS common utilities: gssd idmapd statd.
Starting NFS common utilities: statd idmapd gssd.
root@goku:~# /etc/init.d/nfs-kernel-server restart
Stopping NFS kernel daemon: mountd svcgssd nfsd.
Unexporting directories for NFS kernel daemon....
Exporting directories for NFS kernel daemon....
Starting NFS kernel daemon: nfsd svcgssd failed!
root@goku:~# tail /var/log/syslog
Feb 11 18:29:45 goku kernel: [ 2266.025197] nfsd: last server has
exited, flushing export cache
Feb 11 18:29:46 goku kernel: [ 2267.119699] svc: failed to register
lockdv1 RPC service (errno 97).
Feb 11 18:29:46 goku kernel: [ 2267.121318] NFSD: Using
/var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Feb 11 18:29:46 goku kernel: [ 2267.122284] NFSD: starting 90-second
grace period
Feb 11 18:29:46 goku rpc.svcgssd[2333]: ERROR: GSS-API: error in
gss_acquire_cred(): Unspecified GSS failure. Minor code may provide
more information - Key table entry not found
Feb 11 18:29:46 goku rpc.svcgssd[2333]: unable to obtain root
(machine) credentials
Feb 11 18:29:46 goku rpc.svcgssd[2333]: do you have a keytab entry for
nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
root@goku:~# ls -l /etc/krb5.keytab
-rw-r----- 1 root openldap 1210 feb 11 11:11 /etc/krb5.keytab
root@goku:~# klist -k
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 host/[email protected]
2 ldap/[email protected]
2 ldap/[email protected]
2 ldap/[email protected]
2 ldap/[email protected]
4 nfs/[email protected]
4 nfs/[email protected]
4 nfs/[email protected]
4 nfs/[email protected]
Is a bug? A incompatibility between my packages versions? A
configuration problem? Any idea?
Thank you. Best regards.
---------- Forwarded message ----------
From: J. Bruce Fields <[email protected]>
Date: 2011/2/11
Subject: Re: Mistery with krb5/nfs4 (bug with 2.6.32-5-amd64 kernel??)
To: CeR <[email protected]>
Cc: Dug Song <[email protected]>, Andy Adamson <[email protected]>,
Marius Aamodt Eriksen <[email protected]>
On Fri, Feb 11, 2011 at 06:42:41PM +0100, CeR wrote:
> Hello. I'm a IT student from Spain.
Could you send this to [email protected] instead?
--b.
--
[*] CeR / Arturo Borrero Gonzalez [*]
Thank you, i will take a look to the enctypes of my keytab. I hope
that's the problem.
Here /etc/krb5.conf
-----------------------------------------------------------------------
[libdefaults]
default_realm = EXAMPLE.COM
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
EXAMPLE.COM = {
kdc = kerberos.example.com
admin_server = kerberos.example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[login]
krb4_convert = true
krb4_get_tickets = false
--------------------------------------------------------------------------------
Here /etc/hosts
127.0.0.1 localhost goku goku.example.com nfs.example.com
10.0.0.1 goku goku.example.com
10.0.0.1 nfs.example.com
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
2011/2/11 Kevin Coffman <[email protected]>:
> On Fri, Feb 11, 2011 at 1:38 PM, CeR <[email protected]> wrote:
>>
>> Hello. I have been trying to set up a local-teachpurpose-server at home.
>>
>> My enviroment: debian squeeze KVM/libvirt machine, with 2.6.32-5-amd64 kernel.
>>
>> When restarting services with the correct configuration, i get this:
>> As you can see, the keytab is there, with correct permissions to read by root.
>>
>> root@goku:~# /etc/init.d/nfs-common restart
>> Stopping NFS common utilities: gssd idmapd statd.
>> Starting NFS common utilities: statd idmapd gssd.
>>
>> root@goku:~# /etc/init.d/nfs-kernel-server restart
>> Stopping NFS kernel daemon: mountd svcgssd nfsd.
>> Unexporting directories for NFS kernel daemon....
>> Exporting directories for NFS kernel daemon....
>> Starting NFS kernel daemon: nfsd svcgssd failed!
>>
>> root@goku:~# tail /var/log/syslog
>> Feb 11 18:29:45 goku kernel: [ 2266.025197] nfsd: last server has
>> exited, flushing export cache
>> Feb 11 18:29:46 goku kernel: [ 2267.119699] svc: failed to register
>> lockdv1 RPC service (errno 97).
>> Feb 11 18:29:46 goku kernel: [ 2267.121318] NFSD: Using
>> /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
>> Feb 11 18:29:46 goku kernel: [ 2267.122284] NFSD: starting 90-second
>> grace period
>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: ERROR: GSS-API: error in
>> gss_acquire_cred(): Unspecified GSS failure. ?Minor code may provide
>> more information - Key table entry not found
>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: unable to obtain root
>> (machine) credentials
>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: do you have a keytab entry for
>> nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
>>
>> root@goku:~# ls -l /etc/krb5.keytab
>> -rw-r----- 1 root openldap 1210 feb 11 11:11 /etc/krb5.keytab
>>
>> root@goku:~# klist -k
>> Keytab name: WRFILE:/etc/krb5.keytab
>> KVNO Principal
>> ---- --------------------------------------------------------------------------
>> ? 2 host/[email protected]
>> ? 2 host/[email protected]
>> ? 2 host/[email protected]
>> ? 2 host/[email protected]
>> ? 2 ldap/[email protected]
>> ? 2 ldap/[email protected]
>> ? 2 ldap/[email protected]
>> ? 2 ldap/[email protected]
>> ? 4 nfs/[email protected]
>> ? 4 nfs/[email protected]
>> ? 4 nfs/[email protected]
>> ? 4 nfs/[email protected]
>>
>>
>> Is a bug? A incompatibility between my packages versions? A
>> configuration problem? Any idea?
>>
>>
>> Thank you. Best regards.
>
> First, with this kernel version, you should only have one keytab entry
> for nfs/goku.example.com with a DES key. ?(You don't show the
> enctypes, but I see you have 4 keys for nfs.) ?You won't hit this
> problem until you get past the other error.
>
> Make sure the reverse look-up for your server's host returns the
> correct name. ?(Matching the name in the keytab, "goku.example.com")
>
> Perhaps send a copy of /etc/hosts and your /etc/krb5.conf to see what
> might be misconfigured.
>
> K.C.
>
--
[*] CeR / Arturo Borrero Gonzalez [*]
On Fri, Feb 11, 2011 at 1:38 PM, CeR <[email protected]> wrote:
>
> Hello. I have been trying to set up a local-teachpurpose-server at home.
>
> My enviroment: debian squeeze KVM/libvirt machine, with 2.6.32-5-amd64 kernel.
>
> When restarting services with the correct configuration, i get this:
> As you can see, the keytab is there, with correct permissions to read by root.
>
> root@goku:~# /etc/init.d/nfs-common restart
> Stopping NFS common utilities: gssd idmapd statd.
> Starting NFS common utilities: statd idmapd gssd.
>
> root@goku:~# /etc/init.d/nfs-kernel-server restart
> Stopping NFS kernel daemon: mountd svcgssd nfsd.
> Unexporting directories for NFS kernel daemon....
> Exporting directories for NFS kernel daemon....
> Starting NFS kernel daemon: nfsd svcgssd failed!
>
> root@goku:~# tail /var/log/syslog
> Feb 11 18:29:45 goku kernel: [ 2266.025197] nfsd: last server has
> exited, flushing export cache
> Feb 11 18:29:46 goku kernel: [ 2267.119699] svc: failed to register
> lockdv1 RPC service (errno 97).
> Feb 11 18:29:46 goku kernel: [ 2267.121318] NFSD: Using
> /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
> Feb 11 18:29:46 goku kernel: [ 2267.122284] NFSD: starting 90-second
> grace period
> Feb 11 18:29:46 goku rpc.svcgssd[2333]: ERROR: GSS-API: error in
> gss_acquire_cred(): Unspecified GSS failure. ?Minor code may provide
> more information - Key table entry not found
> Feb 11 18:29:46 goku rpc.svcgssd[2333]: unable to obtain root
> (machine) credentials
> Feb 11 18:29:46 goku rpc.svcgssd[2333]: do you have a keytab entry for
> nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
>
> root@goku:~# ls -l /etc/krb5.keytab
> -rw-r----- 1 root openldap 1210 feb 11 11:11 /etc/krb5.keytab
>
> root@goku:~# klist -k
> Keytab name: WRFILE:/etc/krb5.keytab
> KVNO Principal
> ---- --------------------------------------------------------------------------
> ? 2 host/[email protected]
> ? 2 host/[email protected]
> ? 2 host/[email protected]
> ? 2 host/[email protected]
> ? 2 ldap/[email protected]
> ? 2 ldap/[email protected]
> ? 2 ldap/[email protected]
> ? 2 ldap/[email protected]
> ? 4 nfs/[email protected]
> ? 4 nfs/[email protected]
> ? 4 nfs/[email protected]
> ? 4 nfs/[email protected]
>
>
> Is a bug? A incompatibility between my packages versions? A
> configuration problem? Any idea?
>
>
> Thank you. Best regards.
First, with this kernel version, you should only have one keytab entry
for nfs/goku.example.com with a DES key. ?(You don't show the
enctypes, but I see you have 4 keys for nfs.) ?You won't hit this
problem until you get past the other error.
Make sure the reverse look-up for your server's host returns the
correct name. ?(Matching the name in the keytab, "goku.example.com")
Perhaps send a copy of /etc/hosts and your /etc/krb5.conf to see what
might be misconfigured.
K.C.
Hello. I solved that error by cleaning /etc/hosts.
I just leave:
#cat /etc/hosts
127.0.0.1 localhost
Then the error left. Nfs4 still doesn't works fine, but due to my
work I haven't time to carry on..
Best regards!
2011/2/15 Kevin Coffman <[email protected]>:
> Sorry for taking so long to respond.
>
> Depending on the version of Kerberos, you may need the following in
> the libdefaults section of /etc/krb5.conf
>
> ? allow_weak_crypto = true
>
> I'm not sure why the nfs.example.com entries are in /etc/hosts? ?That
> may be part of the problem?
>
> Make sure that 'hostname' on the server returns the correct name,
> matching the name in your keytab entry (goku.example.com).
>
> Make sure a reverse DNS lookup of the address returned by a forward
> DNS lookup, returns that same name as well.
>
> K.C.
>
>
> On Sat, Feb 12, 2011 at 7:49 AM, CeR <[email protected]> wrote:
>> Thank you, i will take a look ?to the enctypes of my keytab. I hope
>> that's the problem.
>>
>>
>>
>> Here /etc/krb5.conf
>>
>> -----------------------------------------------------------------------
>> [libdefaults]
>> ? ? ? ?default_realm = EXAMPLE.COM
>>
>> # The following krb5.conf variables are only for MIT Kerberos.
>> ? ? ? ?krb4_config = /etc/krb.conf
>> ? ? ? ?krb4_realms = /etc/krb.realms
>> ? ? ? ?kdc_timesync = 1
>> ? ? ? ?ccache_type = 4
>> ? ? ? ?forwardable = true
>> ? ? ? ?proxiable = true
>>
>> # ? ? ? default_tgs_enctypes = des3-hmac-sha1
>> # ? ? ? default_tkt_enctypes = des3-hmac-sha1
>> # ? ? ? permitted_enctypes = des3-hmac-sha1
>>
>> # The following libdefaults parameters are only for Heimdal Kerberos.
>> ? ? ? ?v4_instance_resolve = false
>> ? ? ? ?v4_name_convert = {
>> ? ? ? ? ? ? ? ?host = {
>> ? ? ? ? ? ? ? ? ? ? ? ?rcmd = host
>> ? ? ? ? ? ? ? ? ? ? ? ?ftp = ftp
>> ? ? ? ? ? ? ? ?}
>> ? ? ? ? ? ? ? ?plain = {
>> ? ? ? ? ? ? ? ? ? ? ? ?something = something-else
>> ? ? ? ? ? ? ? ?}
>> ? ? ? ?}
>> ? ? ? ?fcc-mit-ticketflags = true
>>
>> [realms]
>> ? ? ? ?EXAMPLE.COM = {
>> ? ? ? ? ? ? ? ?kdc = kerberos.example.com
>> ? ? ? ? ? ? ? ?admin_server = kerberos.example.com
>> ? ? ? ?}
>> [domain_realm]
>> ? ? ? ?.example.com = EXAMPLE.COM
>> ? ? ? ?example.com = EXAMPLE.COM
>>
>> [login]
>> ? ? ? ?krb4_convert = true
>> ? ? ? ?krb4_get_tickets = false
>> --------------------------------------------------------------------------------
>> Here /etc/hosts
>>
>> 127.0.0.1 ? ? ? localhost goku goku.example.com nfs.example.com
>> 10.0.0.1 ? ? ? ?goku goku.example.com
>> 10.0.0.1 ? ? ? ?nfs.example.com
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1 ? ? ip6-localhost ip6-loopback
>> fe00::0 ip6-localnet
>> ff00::0 ip6-mcastprefix
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>> ff02::3 ip6-allhosts
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> 2011/2/11 Kevin Coffman <[email protected]>:
>>> On Fri, Feb 11, 2011 at 1:38 PM, CeR <[email protected]> wrote:
>>>>
>>>> Hello. I have been trying to set up a local-teachpurpose-server at home.
>>>>
>>>> My enviroment: debian squeeze KVM/libvirt machine, with 2.6.32-5-amd64 kernel.
>>>>
>>>> When restarting services with the correct configuration, i get this:
>>>> As you can see, the keytab is there, with correct permissions to read by root.
>>>>
>>>> root@goku:~# /etc/init.d/nfs-common restart
>>>> Stopping NFS common utilities: gssd idmapd statd.
>>>> Starting NFS common utilities: statd idmapd gssd.
>>>>
>>>> root@goku:~# /etc/init.d/nfs-kernel-server restart
>>>> Stopping NFS kernel daemon: mountd svcgssd nfsd.
>>>> Unexporting directories for NFS kernel daemon....
>>>> Exporting directories for NFS kernel daemon....
>>>> Starting NFS kernel daemon: nfsd svcgssd failed!
>>>>
>>>> root@goku:~# tail /var/log/syslog
>>>> Feb 11 18:29:45 goku kernel: [ 2266.025197] nfsd: last server has
>>>> exited, flushing export cache
>>>> Feb 11 18:29:46 goku kernel: [ 2267.119699] svc: failed to register
>>>> lockdv1 RPC service (errno 97).
>>>> Feb 11 18:29:46 goku kernel: [ 2267.121318] NFSD: Using
>>>> /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
>>>> Feb 11 18:29:46 goku kernel: [ 2267.122284] NFSD: starting 90-second
>>>> grace period
>>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: ERROR: GSS-API: error in
>>>> gss_acquire_cred(): Unspecified GSS failure. ?Minor code may provide
>>>> more information - Key table entry not found
>>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: unable to obtain root
>>>> (machine) credentials
>>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: do you have a keytab entry for
>>>> nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
>>>>
>>>> root@goku:~# ls -l /etc/krb5.keytab
>>>> -rw-r----- 1 root openldap 1210 feb 11 11:11 /etc/krb5.keytab
>>>>
>>>> root@goku:~# klist -k
>>>> Keytab name: WRFILE:/etc/krb5.keytab
>>>> KVNO Principal
>>>> ---- --------------------------------------------------------------------------
>>>> ? 2 host/[email protected]
>>>> ? 2 host/[email protected]
>>>> ? 2 host/[email protected]
>>>> ? 2 host/[email protected]
>>>> ? 2 ldap/[email protected]
>>>> ? 2 ldap/[email protected]
>>>> ? 2 ldap/[email protected]
>>>> ? 2 ldap/[email protected]
>>>> ? 4 nfs/[email protected]
>>>> ? 4 nfs/[email protected]
>>>> ? 4 nfs/[email protected]
>>>> ? 4 nfs/[email protected]
>>>>
>>>>
>>>> Is a bug? A incompatibility between my packages versions? A
>>>> configuration problem? Any idea?
>>>>
>>>>
>>>> Thank you. Best regards.
>>>
>>> First, with this kernel version, you should only have one keytab entry
>>> for nfs/goku.example.com with a DES key. ?(You don't show the
>>> enctypes, but I see you have 4 keys for nfs.) ?You won't hit this
>>> problem until you get past the other error.
>>>
>>> Make sure the reverse look-up for your server's host returns the
>>> correct name. ?(Matching the name in the keytab, "goku.example.com")
>>>
>>> Perhaps send a copy of /etc/hosts and your /etc/krb5.conf to see what
>>> might be misconfigured.
>>>
>>> K.C.
>>>
>>
>>
>>
>> --
>> [*] CeR / Arturo Borrero Gonzalez [*]
>>
>>
>
--
[*] CeR / Arturo Borrero Gonzalez [*]
Sorry for taking so long to respond.
Depending on the version of Kerberos, you may need the following in
the libdefaults section of /etc/krb5.conf
allow_weak_crypto = true
I'm not sure why the nfs.example.com entries are in /etc/hosts? That
may be part of the problem?
Make sure that 'hostname' on the server returns the correct name,
matching the name in your keytab entry (goku.example.com).
Make sure a reverse DNS lookup of the address returned by a forward
DNS lookup, returns that same name as well.
K.C.
On Sat, Feb 12, 2011 at 7:49 AM, CeR <[email protected]> wrote:
> Thank you, i will take a look ?to the enctypes of my keytab. I hope
> that's the problem.
>
>
>
> Here /etc/krb5.conf
>
> -----------------------------------------------------------------------
> [libdefaults]
> ? ? ? ?default_realm = EXAMPLE.COM
>
> # The following krb5.conf variables are only for MIT Kerberos.
> ? ? ? ?krb4_config = /etc/krb.conf
> ? ? ? ?krb4_realms = /etc/krb.realms
> ? ? ? ?kdc_timesync = 1
> ? ? ? ?ccache_type = 4
> ? ? ? ?forwardable = true
> ? ? ? ?proxiable = true
>
> # ? ? ? default_tgs_enctypes = des3-hmac-sha1
> # ? ? ? default_tkt_enctypes = des3-hmac-sha1
> # ? ? ? permitted_enctypes = des3-hmac-sha1
>
> # The following libdefaults parameters are only for Heimdal Kerberos.
> ? ? ? ?v4_instance_resolve = false
> ? ? ? ?v4_name_convert = {
> ? ? ? ? ? ? ? ?host = {
> ? ? ? ? ? ? ? ? ? ? ? ?rcmd = host
> ? ? ? ? ? ? ? ? ? ? ? ?ftp = ftp
> ? ? ? ? ? ? ? ?}
> ? ? ? ? ? ? ? ?plain = {
> ? ? ? ? ? ? ? ? ? ? ? ?something = something-else
> ? ? ? ? ? ? ? ?}
> ? ? ? ?}
> ? ? ? ?fcc-mit-ticketflags = true
>
> [realms]
> ? ? ? ?EXAMPLE.COM = {
> ? ? ? ? ? ? ? ?kdc = kerberos.example.com
> ? ? ? ? ? ? ? ?admin_server = kerberos.example.com
> ? ? ? ?}
> [domain_realm]
> ? ? ? ?.example.com = EXAMPLE.COM
> ? ? ? ?example.com = EXAMPLE.COM
>
> [login]
> ? ? ? ?krb4_convert = true
> ? ? ? ?krb4_get_tickets = false
> --------------------------------------------------------------------------------
> Here /etc/hosts
>
> 127.0.0.1 ? ? ? localhost goku goku.example.com nfs.example.com
> 10.0.0.1 ? ? ? ?goku goku.example.com
> 10.0.0.1 ? ? ? ?nfs.example.com
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ? ? ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
>
>
>
>
>
>
>
>
> 2011/2/11 Kevin Coffman <[email protected]>:
>> On Fri, Feb 11, 2011 at 1:38 PM, CeR <[email protected]> wrote:
>>>
>>> Hello. I have been trying to set up a local-teachpurpose-server at home.
>>>
>>> My enviroment: debian squeeze KVM/libvirt machine, with 2.6.32-5-amd64 kernel.
>>>
>>> When restarting services with the correct configuration, i get this:
>>> As you can see, the keytab is there, with correct permissions to read by root.
>>>
>>> root@goku:~# /etc/init.d/nfs-common restart
>>> Stopping NFS common utilities: gssd idmapd statd.
>>> Starting NFS common utilities: statd idmapd gssd.
>>>
>>> root@goku:~# /etc/init.d/nfs-kernel-server restart
>>> Stopping NFS kernel daemon: mountd svcgssd nfsd.
>>> Unexporting directories for NFS kernel daemon....
>>> Exporting directories for NFS kernel daemon....
>>> Starting NFS kernel daemon: nfsd svcgssd failed!
>>>
>>> root@goku:~# tail /var/log/syslog
>>> Feb 11 18:29:45 goku kernel: [ 2266.025197] nfsd: last server has
>>> exited, flushing export cache
>>> Feb 11 18:29:46 goku kernel: [ 2267.119699] svc: failed to register
>>> lockdv1 RPC service (errno 97).
>>> Feb 11 18:29:46 goku kernel: [ 2267.121318] NFSD: Using
>>> /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
>>> Feb 11 18:29:46 goku kernel: [ 2267.122284] NFSD: starting 90-second
>>> grace period
>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: ERROR: GSS-API: error in
>>> gss_acquire_cred(): Unspecified GSS failure. ?Minor code may provide
>>> more information - Key table entry not found
>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: unable to obtain root
>>> (machine) credentials
>>> Feb 11 18:29:46 goku rpc.svcgssd[2333]: do you have a keytab entry for
>>> nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
>>>
>>> root@goku:~# ls -l /etc/krb5.keytab
>>> -rw-r----- 1 root openldap 1210 feb 11 11:11 /etc/krb5.keytab
>>>
>>> root@goku:~# klist -k
>>> Keytab name: WRFILE:/etc/krb5.keytab
>>> KVNO Principal
>>> ---- --------------------------------------------------------------------------
>>> ? 2 host/[email protected]
>>> ? 2 host/[email protected]
>>> ? 2 host/[email protected]
>>> ? 2 host/[email protected]
>>> ? 2 ldap/[email protected]
>>> ? 2 ldap/[email protected]
>>> ? 2 ldap/[email protected]
>>> ? 2 ldap/[email protected]
>>> ? 4 nfs/[email protected]
>>> ? 4 nfs/[email protected]
>>> ? 4 nfs/[email protected]
>>> ? 4 nfs/[email protected]
>>>
>>>
>>> Is a bug? A incompatibility between my packages versions? A
>>> configuration problem? Any idea?
>>>
>>>
>>> Thank you. Best regards.
>>
>> First, with this kernel version, you should only have one keytab entry
>> for nfs/goku.example.com with a DES key. ?(You don't show the
>> enctypes, but I see you have 4 keys for nfs.) ?You won't hit this
>> problem until you get past the other error.
>>
>> Make sure the reverse look-up for your server's host returns the
>> correct name. ?(Matching the name in the keytab, "goku.example.com")
>>
>> Perhaps send a copy of /etc/hosts and your /etc/krb5.conf to see what
>> might be misconfigured.
>>
>> K.C.
>>
>
>
>
> --
> [*] CeR / Arturo Borrero Gonzalez [*]
>
>