Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Version 8 and Version 9 of Avances

Timestamp:: Nov 9, 2015, 10:07:39 AM (9 years ago)
Author:: tonin
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

Avances

-                      v8
+                      v9
  }}}
+= Crear un keytab =
+Sinceramente no tengo ni idea de lo que es, pero como al intentar montar:
+{{{
+mount -t nfs -o vers=4 nfsvnx-172-16.priv.uco.es:/BORRAR_PRUEBAS_NFSV4 /mnt1
+}}}
+se queda esperando teniendo en daemon.log lineas como estas:
+{{{
+Nov  9 09:52:58 HPTONIN rpc.gssd[23712]: ERROR: No credentials found for connection to server nfsvnx-172-16.priv.uco.es
+Nov  9 09:52:58 HPTONIN rpc.gssd[23712]: doing error downcall
+Nov  9 09:53:20 HPTONIN rpc.gssd[23712]: handling gssd upcall (nfs/clnt44)
+Nov  9 09:53:20 HPTONIN rpc.gssd[23712]: handling krb5 upcall (nfs/clnt44)
+Nov  9 09:53:20 HPTONIN rpc.gssd[23712]: krb5_use_machine_creds: uid 0 tgtname (null)
+Nov  9 09:53:20 HPTONIN rpc.gssd[23712]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
+Nov  9 09:53:20 HPTONIN rpc.gssd[23712]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
+Nov  9 09:53:20 HPTONIN rpc.gssd[23712]: ERROR: Key table file '/etc/krb5.keytab' not found while beginning keytab scan for keytab 'FILE:/etc/krb5.keytab'
+Nov  9 09:53:20 HPTONIN rpc.gssd[23712]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host nfsvnx-172-16.priv.uco.es
+}}}
+pues creo un keytab siguiendo las instrucciones de https://kb.iu.edu/d/aumh de esta forma invocando la utilidad ktutil:
+{{{
+ktutil:  addent -password -p root@UCO.ES -k 1 -e rc4-hmac
+Password for root@UCO.ES:
+ktutil:  addent -password -p root@UCO.ES -k 1 -e aes256-cts
+Password for root@UCO.ES:
+ktutil:  wkt root.keytab
+ktutil:  quit
+}}}
+Esto me genera un fichero root.keytab. Si intento usarlo veo que si se entera de que la clave generada es para root, pero que root@UCO.ES no está en la BBDD de kerberos
+{{{
+root@HPTONIN:~# kinit root@UCO.ES -k -t root.keytab
+kinit: Client 'root@UCO.ES' not found in Kerberos database while getting initial credentials
+root@HPTONIN:~# kinit paco@UCO.ES -k -t root.keytab
+kinit: Keytab contains no suitable keys for paco@UCO.ES while getting initial credentials
+}}}