On Mon, Aug 27, 2012 at 1:59 PM, Derek Warren <[email protected]> wrote: > Which of those two contexts do you suppose the authors of > nfs-utils meant when writing error messages like this:
Bingo. >> rpc.gssd: WARNING: Failed to create krb5 context for user with uid 0 for >> server nfsserver.example.com >> rpc.gssd: Failed to create machine krb5 context with credentials cache >> FILE:/tmp/krb5cc_machine_AD.EXAMPLE.COM for server nfsserver.example.com It's obnoxious that rpc.gssd is saying "krb5 context" when it really means "GSS security context for the Kerberos mechanism"... But that's what's happening. > On 2012-08-27, at 10:59 AM, [email protected] wrote: >> For us, nfs4 with a Samba4 AD, gssd fails when it can't find e.g. a >> machine key in (by default) /etc/krb5.keytab > > Thank you, Steve. My previous diatribe shows that _all_ of those > principals are present in /etc/krb5.keytab on the NFS server and client. > > Interesting that the only obvious differences here are that your setup > works and doesn't contain any Microsoft products... Did you setup the SPNs in AD properly? Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
