Probably. If I interpret your email, you recreated the key table for the server. I assume you either rebooted the server or restarted everything relevant (most critical would be rpc.svcgssd).
I agree that rebooting clients would probably do it on the client side, except that not all systems are set up to clear /tmp on reboot. I don’t think that’s critical, but I can’t guarantee it. > On Jul 22, 2019, at 9:26 AM, Laura Smith <n5d9xq3ti233xiyif...@protonmail.ch> > wrote: > > Hi Charles, > > Surely the action of rebooting the client would do all of that ? > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Monday, July 22, 2019 2:13 PM, Charles Hedrick <hedr...@rutgers.edu> wrote: > >> Unfortunately it’s likely to take some experimentation. My starting point >> would be on each client, unmount the file system, maybe delete >> /tmp/krb5ccmachine*, restart rpc.gssd, and remount. >> >>> On Jul 22, 2019, at 6:22 AM, Laura Smith n5d9xq3ti233xiyif...@protonmail.ch >>> wrote: >>> Ok, I hold my hand up, I messed up. So the question is, how do I get myself >>> out of this mess ? >>> A summary of how I got here: >>> • I have an NFS server and a bunch of clients connecting and auth using >>> krb5. >>> • This was all working beautifully.... until today. >>> • Through an act of pure fat-fingered stupidity, I ran "addprinc -randkey >>> nfs/name.of.nfs.server" when setting up a new NFS client (i.e used server >>> name instead of client name). >>> • Now everything is broken (none of the NFS clients can connect to the >>> server and I am seeing the error messages below on the NFS server). >>> • keytab on NFS server only had credentials for NFS server, so I deleted >>> the keytab and created a new one through ktadd >>> • that didnt' work. a reboot of the NFS server didn't work. >>> Summary ? I'm up a smelly creek without a paddle ! >>> Messages on NFS server: >>> 2019-07-22T11:01:35.075247+01:00 foo rpc.svcgssd[847]: ERROR: GSS-API: >>> error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE >>> (Unspecified GSS failure. Minor code may provide more information) - >>> Request ticket server nfs/foo.example....@example.corp kvno 3 not found in >>> keytab; ticket is likely out of date >>> 2019-07-22T11:01:39.460944+01:00 foo rpc.svcgssd[847]: message repeated 41 >>> times: [ ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): >>> GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more >>> information) - Request ticket server nfs/foo.example....@example.corp kvno >>> 3 not found in keytab; ticket is likely out of date] >>> >>> Kerberos mailing list Kerberos@mit.edu >>> https://mailman.mit.edu/mailman/listinfo/kerberos > > ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
