NFS (with Kerberos) mount fails with "Server not found in Kerberos database" error

When running:

sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt

I get this error on the client:

mount.nfs4: access denied by server while mounting sol.domain.com:/

I read this in the server syslog:

UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for nfs/ip-#-#-#-#[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for nfs/ip-#-#-#-#[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0,  nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database

Server keytab file:

ubuntu@sol:~$ sudo klist -e -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   7 host/[email protected] (aes256-cts-hmac-sha1-96) 
   7 host/[email protected] (arcfour-hmac) 
   7 host/[email protected] (des3-cbc-sha1) 
   7 host/[email protected] (des-cbc-crc) 
   9 nfs/[email protected] (aes256-cts-hmac-sha1-96) 
   9 nfs/[email protected] (arcfour-hmac) 
   9 nfs/[email protected] (des3-cbc-sha1) 
   9 nfs/[email protected] (des-cbc-crc)

Client keytab file:

ubuntu@mercury:~$ sudo klist -e -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/[email protected] (aes256-cts-hmac-sha1-96) 
   3 host/[email protected] (arcfour-hmac) 
   3 host/[email protected] (des3-cbc-sha1) 
   3 host/[email protected] (des-cbc-crc) 
   3 nfs/[email protected] (aes256-cts-hmac-sha1-96) 
   3 nfs/[email protected] (arcfour-hmac) 
   3 nfs/[email protected] (des3-cbc-sha1) 
   3 nfs/[email protected] (des-cbc-crc)

Answer 1

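It seems like the reverse name resolution of the IPs doesn't match the names you expect. Make sure that mercury.domain.com and sol.domain.com are the first names added after the relevant IP addresses in /etc/hosts. To be safe, just add a couple of lines at the top with the IP addresses of the machines and the hostnames that Kerberos expects.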

10.x.y.z sol.domain.com sol ip-blah-blah
10.a.b.c mercury.domain.com mercury ip-other-other

Make sure both of these lines are present on both the client and the server.

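It's also a good idea to verify the setup by running the following command on both the client and the server. Make sure the first hostname printed for each IP address is the one you expect.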

getent hosts 10.x.y.z 10.a.b.c
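
The check described in the answer above, scripted so it can be run on both machines. This is an added example, not part of the original answer; the function names and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example. IPs and host names below are constructed sample values.

# canonical_name IP [HOSTS_FILE]
# Print the first hostname listed for IP. With HOSTS_FILE the file is parsed in
# /etc/hosts format; without it the system resolver is asked through getent,
# which is the check the answer recommends.
canonical_name() {
    local ip="$1" file="${2:-}"
    if [ -n "$file" ]; then
        # Drop comments, then take field 2 of the first line whose field 1 is the IP.
        sed 's/#.*//' "$file" | awk -v ip="$ip" '$1 == ip && NF >= 2 { print $2; exit }'
    else
        getent hosts "$ip" | awk 'NR == 1 { print $2 }'
    fi
}

# check_host IP EXPECTED_FQDN [HOSTS_FILE]
# Return 0 when the first name for IP equals EXPECTED_FQDN, 1 otherwise.
check_host() {
    local ip="$1" want="$2" got
    got=$(canonical_name "$ip" "${3:-}")
    if [ "$got" = "$want" ]; then
        echo "OK   $ip -> $got"
    else
        echo "FAIL $ip -> ${got:-<no entry>} (expected $want)"
        return 1
    fi
}

# Constructed demo: "bad" lists the ip-style name first (the layout that makes
# the reverse lookup return an unexpected name), "good" lists the FQDN first.
demo() {
    local dir
    dir=$(mktemp -d)
    printf '192.0.2.10 ip-192-0-2-10 sol.domain.com sol\n' > "$dir/bad"
    printf '192.0.2.10 sol.domain.com sol ip-192-0-2-10 # nfs server\n' > "$dir/good"
    check_host 192.0.2.10 sol.domain.com "$dir/bad"
    check_host 192.0.2.10 sol.domain.com "$dir/good"
    rm -rf "$dir"
}
demo || true
```

On a live system, call `check_host` with only the IP and the expected name (no file argument) so the answer comes from the resolver rather than from a file.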
