[29680] in Kerberos
NFS IO on kerberized export failing with permission denied error
daemon@ATHENA.MIT.EDU (parinay)
Mon Apr 14 06:27:19 2008
Message-ID: <ea2ed4af0804140326j7f235c78qbcf3ce1048f33119@mail.gmail.com>
Date: Mon, 14 Apr 2008 15:56:25 +0530
From: parinay <parinay@gmail.com>
To: kerberos@mit.edu
Hi,
I am failing to do NFS I/O on a volume with sec=krb5. The logs are below to
give you an exact idea.
- All clients and KDC are in time sync
- Every machine is reachable with hostname.
- kinit/kadmin works from client
- mount works but cd/ls fails on mounted path
- KDC - 2.6.18-8.1.3.el5
- client - SunOS kc1b6 5.10 Generic_118855-33 i86pc i386 i86pc
- NFS exports from - NetApp filer
exportfs
/vol/vol1 -sec=krb5,rw,anon=0
options nfs.kerb
nfs.kerberos.enable on
nfs.kerberos.file_keytab.enable on
nfs.kerberos.principal rtpqa-fas6080-7.rtp.netapp.com
nfs.kerberos.realm NAS.SSQA.RTP.NETAPP.COM
options kerb
kerberos.file_keytab.enable on
kerberos.file_keytab.principal rtpqa-fas6080-7.rtp.netapp.com
kerberos.file_keytab.realm NAS.SSQA.RTP.NETAPP.COM
kerberos.replay_cache.enable off
kadmin.local
Authenticating as principal root/admin@NAS.SSQA.RTP.NETAPP.COM with password.
kadmin.local: listprincs
K/M@NAS.SSQA.RTP.NETAPP.COM
changepw/kc1b8-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
kadmin/admin@NAS.SSQA.RTP.NETAPP.COM
kadmin/changepw@NAS.SSQA.RTP.NETAPP.COM
kadmin/history@NAS.SSQA.RTP.NETAPP.COM
kadmin/kc1b8-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
kiprop/kc1b8-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
krbtgt/NAS.SSQA.RTP.NETAPP.COM@NAS.SSQA.RTP.NETAPP.COM
nfs/kc1b6-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
nfs/rtpqa-fas3170-9-vif1.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
nfs/rtpqa-fas6080-7.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
parinay/admin@NAS.SSQA.RTP.NETAPP.COM
parinay/kc1b6-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
root/admin@NAS.SSQA.RTP.NETAPP.COM
root/kc1b6-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
kadmin.local:
klist -k /tmp/6080.keytab
Keytab name: FILE:/tmp/6080.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 nfs/rtpqa-fas6080-7.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
# klist -k /tmp/kc1b6.keytab
Keytab name: FILE:/tmp/kc1b6.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 root/kc1b6-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
   3 parinay/kc1b6-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
   3 nfs/kc1b6-e0.nas.ssqa.rtp.netapp.com@NAS.SSQA.RTP.NETAPP.COM
bash-3.00# cd /mnt/krb
bash: cd: /mnt/krb: Permission denied
bash-3.00# mount
/mnt/krb on rtpqa-fas6080-7:/vol/vol1 remote/read/write/setuid/devices/vers=3/sec=krb5/xattr/dev=4700013 on Mon Apr 14 05:34:27 2008
--
easy is right
begin right and you're easy
continue easy and you're right
the right way to go easy is to forget the right way
and forget that the going is easy....