I could use some help trying to figure out the next steps to figure out what is going wrong with a Kerberos/NFS initial installation on an AIX 5.3 system. I've followed several guides and I think everything checks out, but it obviously does not work.
On the NFS server (foodev01) /tmp/syslog.out file, I am getting the error: May 5 14:52:17 foodev01 user:debug syslog: nfsrgyd: Unable to map local user (foouser) to a foreign user May 5 14:52:17 foodev01 user:debug syslog: nfsrgyd: Unable to map local group (foouser) to a foreign group In the Securing NFS for AIX guide, this error shows up and they have you change the NFS domain mapping. I've tried a number of variations of this and none seem to work. On the NFS server, chnfsrtd returns: [EMAIL PROTECTED]:/etc/krb5=# chnfsrtd realm.dev.foo.com dev.foo.com I've also tried it with "realm.dev.foo.com foo.com" and "realm.dev.foo.com comp.foo.com" On the NFS server, chnfsdom returns: [EMAIL PROTECTED]:/etc/krb5=# chnfsdom Current local domain: dev.foo.com My /etc/hosts is: 127.0.0.1 loopback localhost # loopback (lo0) name/address 10.244.111.50 fookdcdev01.comp.foo.com fookdcdev01 # KDC 10.244.111.51 foodev01.comp.foo.com foodev01 # NFS Server 10.244.111.52 footst02.comp.foo.com footst02 # NFS Client On the NFS Client (footst02) I get: [EMAIL PROTECTED]:/home/root=# chnfsrtd realm.dev.foo.com dev.foo.com [EMAIL PROTECTED]:/home/root=# chnfsdom Current local domain: dev.foo.com Each time I've made a change to the NFS info on the server and the client, I've stopped all the NFS daemons, did a nfsrgyd -f (to flush the cache) and then restarted the daemons. On the KDC server, I can list the principals: kadmin: listprincs K/[EMAIL PROTECTED] admin/[EMAIL PROTECTED] host/[EMAIL PROTECTED] host/[EMAIL PROTECTED] kadmin/[EMAIL PROTECTED] kadmin/[EMAIL PROTECTED] kadmin/[EMAIL PROTECTED] krbtgt/[EMAIL PROTECTED] nfs/[EMAIL PROTECTED] nfs/[EMAIL PROTECTED] root/[EMAIL PROTECTED] root/[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] I check the tickets and can successfully renew tickets for root and foouser on the NFS server and the client. The NFS filesystems are exported and mount without any errors. So what can be done to analyze this and track down the source of the error? ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
