On 02/10/2012 07:24 PM, Gémes Géza wrote:
On 2012-02-10 17:58, steve wrote:
Hi
After upgrading to
Version 4.0.0alpha18-GIT-24ed8c5 on Ubuntu 11.10, Samba 4 no longer
looks in the keytab for my nfs server entry:
mount -t nfs4 foo bar --o sec=krb5
Kerberos: AS-REQ nfs/[email protected] from ipv4:192.168.1.3:53213 for krbtgt/[email protected]
Kerberos: UNKNOWN -- nfs/[email protected]: no such entry found in hdb
The nfs entry is in the keytab:
klist -ke /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
1 nfs/[email protected] (des-cbc-crc)
1 nfs/[email protected] (des-cbc-md5)
1 nfs/[email protected] (arcfour-hmac)
How do I tell this new version to look in the keytab? or,
How do I add the nfs internally?
Thanks,
Steve
Hi,
First some basics, sorry if it is boring ;-)
Nope. Please keep reminding me:)
/etc/krb5.keytab is the "password file" your nfs service is using in
order to be able to authenticate itself with samba4's kerberos service;
it could be on a completely different machine and would work in the same
way.
Samba4 stores the same "password" in its internal database (ldb) and
when connected it looks it up there.
Yep. Got it.
Now back on your situation:
Have you re-provisioned after upgrade?
No.
If yes, you need to recreate the principal and the SPN for nfs, and
re-export the keytab for it.
If not, you may need to do an upgradeprovision in order to apply the
expected directory changes.
Good Luck!
Geza
Unfortunately, upgradeprovision fails. There are other issues with this
latest git because instead of installing everything under
/usr/local/samba it leaves stuff in samba-master which it still uses
after it has installed. Problem is that make install messes up
samba-master. Running make again fixes most of it but leaves the dns
files with the wrong permissions if you are using bind9 and the samba
dns server falls over after a restart if you provision with the
internal. That is on Ubuntu. I keep my old checkout under openSUSE to
fall back on. Time for a clean start on Ubuntu I think.
Cheers,
Steve
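
The mismatch discussed in this thread (keys present in the service's keytab, no matching entry in the KDC's database) can be confirmed by correlating `klist -ke` output with the KDC log. The Python below is an added example, not part of the original messages; the realm, host names and addresses in its sample data are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample input: realm, host names and addresses are placeholders,
# not values from the thread (its principals are redacted).
KLIST_OUTPUT = """\
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 nfs/server.example.com@EXAMPLE.COM (des-cbc-crc)
   1 nfs/server.example.com@EXAMPLE.COM (arcfour-hmac)
   2 host/server.example.com@EXAMPLE.COM (arcfour-hmac)
"""

KDC_LOG = """\
Kerberos: AS-REQ nfs/server.example.com@EXAMPLE.COM from ipv4:192.0.2.3:53213 for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Kerberos: UNKNOWN -- nfs/server.example.com@EXAMPLE.COM: no such entry found in
hdb
Kerberos: UNKNOWN -- ghost/old.example.com@EXAMPLE.COM: no such entry found in hdb
"""

KEYTAB_ROW = re.compile(r"^[ \t]*(\d+)[ \t]+(\S+@\S+)[ \t]+\(([^)]+)\)[ \t]*$", re.M)
# \s+ before "hdb" tolerates the line wrapping mail clients add to pasted logs.
KDC_UNKNOWN = re.compile(r"UNKNOWN -- (\S+@\S+): no such entry found in\s+hdb")

def parse_keytab(klist_text):
    """Map each principal to the set of (kvno, enctype) keys held in the keytab."""
    entries = {}
    for kvno, principal, enctype in KEYTAB_ROW.findall(klist_text):
        entries.setdefault(principal, set()).add((int(kvno), enctype))
    return entries

def unknown_principals(log_text):
    """Principals the KDC failed to find in its database, in first-seen order."""
    return list(dict.fromkeys(KDC_UNKNOWN.findall(log_text)))

def diagnose(klist_text, log_text):
    """Classify each KDC lookup failure by whether the service side still holds keys."""
    keytab = parse_keytab(klist_text)
    report = {}
    for principal in unknown_principals(log_text):
        if principal in keytab:
            report[principal] = "keytab has keys, KDC database has no entry"
        else:
            report[principal] = "absent from both keytab and KDC database"
    return report

if __name__ == "__main__":
    for principal, finding in diagnose(KLIST_OUTPUT, KDC_LOG).items():
        print(f"{principal}: {finding}")
```

A principal reported as "keytab has keys, KDC database has no entry" is the case from the thread: the keytab on the service host is intact, and the account and SPN have to exist on the KDC side before the exported keys are of any use.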