Mark Potter via FreeIPA-users wrote: > Long story short, we had to redeploy part of our FreeIPA cluster. As far > as I know I followed all of the proper procedures and everything > seems to be working from the client side however we are getting a TON of > these messages in krb5kdc.log > > ipa3.example.com <http://ipa3.example.com> krb5kdc[31232](info): TGS_REQ > (8 etypes {18 17 20 19 16 23 25 26}) 10.6.21.19 <http://10.6.21.19>: > LOOKING_UP_SERVER: authtime 0, host/[email protected] > <mailto:[email protected]> for > nfs/[email protected] <mailto:[email protected]>, > Server not found in Kerberos database > > client100.example.com <http://client100.example.com> has working > forward and reverse DNS entries that resolve from all FreeIPA servers > and from itself. > > nfs1.example.com <http://nfs1.example.com> has working forward and > reverse entries that resolve from all FreeIPA servers and from itself, > it is not part of the FreeIPA domain at all, it is still using the > authentication we are replacing with FreeIPA. It is used for automount > homedirs in FreeIPA but is not kerberized > > All of the clients reporting this error still properly automount > homedirs and that is the only thing on nfs1.example.com > <http://nfs1.example.com>. There is another mountpoint, also not > kerberized, in the automount setup that is not throwing any errors and > access extremely frequently. > > I am happy to provide any logs necessary to track this down.
IIRC the client first looks for nfs/<server> and will fall back to host/<server>. So create an nfs service principal and use ipa-getkeytab to add a key to /etc/krb5.conf on the NFS server(s). rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
