Durante l'esecuzione:
sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt
Ottengo questo errore sul client:
mount.nfs4: access denied by server while mounting sol.domain.com:/
E sul server syslogs ho letto
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for nfs/ip-#-#-#-#.ec2.internal@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/EC2.INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/COM@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/DOMAIN.COM@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for nfs/ip-#-#-#-#.ec2.internal@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/EC2.INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/COM@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/DOMAIN.COM@SOL.DOMAIN.COM, Server not found in Kerberos database
File keytab del server:
ubuntu@sol:~$ sudo klist -e -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
7 host/sol.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
7 host/sol.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
7 host/sol.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
7 host/sol.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
File keytab client:
ubuntu@mercury:~$ sudo klist -e -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 host/mercury.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
3 host/mercury.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
3 host/mercury.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
3 host/mercury.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
allow_weak_crypto = true
alla fine.