opensuse
[Arriba] [Todas las Listas]

[opensuse] nfs4 kerberos con ANUNCIO2008R2 - kinit el éxito pero el mon

To: opensuse@xxxxxxxxxxxx
Subject: [opensuse] nfs4 kerberos con ANUNCIO2008R2 - kinit el éxito pero el monte fallaron
From: Nattapon Viroonsri <linuxbkk@xxxxxxxxx>
Date: Fri, 23 Sep 2011 11:43:03 +0700
Delivered-to: opensuse@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 23 Sep 2011 00:43:24 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=OQ690tt6LMc2eHGjUDleViwccs2XauQWiDaxNjfafSY=; b=r05OZzEp1F4twbd1NF1zLEjcMTysptWoni2h2l2Y0XpEfmmnk0azUyMEQ7W9geprQd MNBJOFVYnoLVfhj7Ws1eFOP4D2NtCa+08lU6V6uU1Tk3GuUlFbguh+KD6SQoR7tm13H8 NXxOux5kt59r5zZ1MAkZMS/6lCD2DQGC8EGQM=
Envelope-to: traductor@xxxxxxxxxxx
List-archive: <http://lists.opensuse.org/opensuse/>
List-help: <mailto:opensuse+help@opensuse.org>
List-owner: <mailto:opensuse+owner@opensuse.org>
List-post: <mailto:opensuse@opensuse.org>
List-subscribe: <mailto:opensuse+subscribe@opensuse.org>
List-unsubscribe: <mailto:opensuse+unsubscribe@opensuse.org>
Mailing-list: contact opensuse+help@xxxxxxxxxxxx; run by mlmmj
*Hi,

intento utilizar *nfs4 *authentication con directorio Activo 2008

creé *keytab archivos por *ktpass en ANUNCIO entonces transferencia a *linux
y también probar dinámico generado *keytab en *linux  durante unir el ámbito
Tiene asunto mismo,

*kinit éxito a *authenticated, pero monte todavía *faile con el permiso negó
Cualquier sugerencia , sería apreciar

*nfs *server: *suse1.*reuint.*com ( *SLES11 SP1)
*nfs cliente:  *krbclient.*reuint.*com ( *SLES11 SP1)
Ventanas2008 SP2 edición estándar:  anuncio2008.*reuint.*com ( Ventanas2008*R2
edición estándar)


# ------ #Ambos NFS *Server y Cliente de NFS puede unir ámbito ---------------


*rcwinbind parón
*rcnfsserver red
de parón -*Ureutadmin%'*mypasswd' los anuncios dejan
netos -*Ureutadmin%'*mypasswd' anuncios *keytab *flush
*kdestroy
\*rm /*etc/*krb5.*keytab
\*rm /*tmp/*kr*

Neto -*Ureutadmin%'*mypasswd' los anuncios unen  *createupn='*nfs/*suse1.reuint.com@xxxxxxxxxx'
neto -*Ureutadmin%'*mypasswd' anuncios *keytab añadir *nfs

*rcwinbind inicio


*suse1:/*keytab # *wbinfo -*u
*REUINT\administrador
*REUINT\huésped
*REUINT\*krbtgt
*REUINT\*reutadmin



*suse1:/*keytab # *ssh *REUINT\\reutadmin@localhost
Contraseña:
Último *login: *Tue *Sep 20 10:13:54 2011 de *localhost
Podría no *chdir a casa de directorio /de la casa/*REUINT/*reutadmin: No tal archivo
o directorio
*REUINT\reutadmin@suse1:/>salida



#-------  EN NFS *Server -----------------------------------------

*suse1:/*keytab # *klist -*ke
*Keytab nombre: ARCHIVO:/*etc/*krb5.*keytab
*KVNO Principal

   2 *nfs/*suse1.reuint.com@xxxxxxxxxx (DES *cbc modo con CRC-32)
   2 *nfs/*suse1.reuint.com@xxxxxxxxxx (DES *cbc modo con RSA-MD5)
   2 *nfs/*suse1.reuint.com@xxxxxxxxxx (*ArcFour con HMAC/*md5)
   2 *nfs/*suse1@*xxxxxxxxxx (DES *cbc modo con CRC-32)
   2 *nfs/*suse1@*xxxxxxxxxx (DES *cbc modo con RSA-MD5)
   2 *nfs/*suse1@*xxxxxxxxxx (*ArcFour con HMAC/*md5)

*suse1:/*keytab # *kinit -*V  -*k  *nfs/*suse1.reuint.com@xxxxxxxxxx
*Authenticated a *Kerberos *v5


#-------  EN Cliente de NFS  -----------------------------------------------

*krbclient: # *klist -*ke

*Keytab nombre: ARCHIVO:/*etc/*krb5.*keytab
*KVNO Principal
   2 *nfs/krbclient.reuint.com@xxxxxxxxxx (DES *cbc modo con CRC-32)
   2 *nfs/krbclient.reuint.com@xxxxxxxxxx (DES *cbc modo con RSA-MD5)
   2 *nfs/krbclient.reuint.com@xxxxxxxxxx (*ArcFour con HMAC/*md5)
   2 *nfs/krbclient@xxxxxxxxxx (DES *cbc modo con CRC-32)
   2 *nfs/krbclient@xxxxxxxxxx (DES *cbc modo con RSA-MD5)
   2 *nfs/krbclient@xxxxxxxxxx (*ArcFour con HMAC/*md5)

*krbclient: # *kinit -*V -*k *nfs/*krbclient.*reuint.*com
*Authenticated A *Kerberos *v5


*krbclient: # *showmount -*e *suse1.*reuint.*com
Lista de exportación para *suse1.*reuint.*com:
/*media/*nfs4*server *gss/*krb5*i,*gss/*krb5

*krbclient: # monte -*vvv -*tnfs4 -*o *sec=*krb5  *suse1.*reuint.*com:/  /*media/*nfs/
Monte: *fstab camino: "/*etc/*fstab"
monte: *mtab camino:  "/*etc/*mtab"
monte: camino de cerradura:  "/*etc/*mtab"
monte: *temp camino:  "/*etc/*mtab.*tmp"
Monte: UID:        0
monte: *eUID:       0
monte: *spec:  "*suse1.*reuint.*com:/"
Monte: nodo:  "/*media/*nfs/"
monte: tipo: "*nfs4"
monte: opta:  "*sec=*krb5"
monte: monte externo: *argv[0] = "/*sbin/monte.*nfs4"
monte: monte externo: *argv[1] = "*suse1.*reuint.*com:/"
Monte: monte externo: *argv[2] = "/*media/*nfs/"
monte: monte externo: *argv[3] = "-*v"
monte: monte externo: *argv[4] = "-*o"
monte: monte externo: *argv[5] = "*rw,*sec=*krb5"
monte.*nfs4: *timeout conjunto para *Tue *Sep 20 11:05:15 2011
monte.*nfs4: probando texto-opciones basadas
'*sec=*krb5,*addr=192.168.125.130,*clientaddr=192.168.125.132'
monte.*nfs4: monte(2): Permiso monte
negado.*nfs4: el acceso negado por *server mientras montando *suse1.*reuint.*com:/

----------------------------------------------

*Rgds,
*Nattapon
-- 
A *unsubscribe, *e-correo: *opensuse+unsubscribe@xxxxxxxxxxxx
Puesto que órdenes adicionales, *e-correo: *opensuse+help@xxxxxxxxxxxx


Hi,

I try to use nfs4 authentication with Active directory 2008

I  created keytab files by ktpass on AD then transfer to linux
and also try dynamic generated keytab on linux  during join domain
Have same issue,

kinit success to authenticated, but mount still faile with permission denied
Any suggestion , would be appreciate

nfs server: suse1.reuint.com ( SLES11 SP1)
nfs client:  krbclient.reuint.com ( SLES11 SP1)
Windows2008 SP2 standard edition:  ad2008.reuint.com ( windows2008R2
standard edition)


# ------ Both NFS Server and NFS Client can join domain ---------------


rcwinbind stop
rcnfsserver stop
net -Ureutadmin%'mypasswd' ads leave
net -Ureutadmin%'mypasswd' ads keytab flush
kdestroy
\rm /etc/krb5.keytab
\rm /tmp/kr*

net -Ureutadmin%'mypasswd' ads join  createupn='nfs/suse1.reuint.com@xxxxxxxxxx'
net -Ureutadmin%'mypasswd' ads keytab add nfs

rcwinbind start


suse1:~/keytab # wbinfo -u
REUINT\administrator
REUINT\guest
REUINT\krbtgt
REUINT\reutadmin



suse1:~/keytab # ssh REUINT\\reutadmin@localhost
Password:
Last login: Tue Sep 20 10:13:54 2011 from localhost
Could not chdir to home directory /home/REUINT/reutadmin: No such file
or directory
REUINT\reutadmin@suse1:/>exit



#-------  ON NFS Server -----------------------------------------

suse1:~/keytab # klist -ke
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal

   2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with CRC-32)
   2 nfs/suse1.reuint.com@xxxxxxxxxx (DES cbc mode with RSA-MD5)
   2 nfs/suse1.reuint.com@xxxxxxxxxx (ArcFour with HMAC/md5)
   2 nfs/suse1@xxxxxxxxxx (DES cbc mode with CRC-32)
   2 nfs/suse1@xxxxxxxxxx (DES cbc mode with RSA-MD5)
   2 nfs/suse1@xxxxxxxxxx (ArcFour with HMAC/md5)

suse1:~/keytab # kinit -V  -k  nfs/suse1.reuint.com@xxxxxxxxxx
Authenticated to Kerberos v5


#-------  ON NFS Client  -----------------------------------------------

krbclient:~ # klist -ke

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
   2 nfs/krbclient.reuint.com@xxxxxxxxxx (DES cbc mode with CRC-32)
   2 nfs/krbclient.reuint.com@xxxxxxxxxx (DES cbc mode with RSA-MD5)
   2 nfs/krbclient.reuint.com@xxxxxxxxxx (ArcFour with HMAC/md5)
   2 nfs/krbclient@xxxxxxxxxx (DES cbc mode with CRC-32)
   2 nfs/krbclient@xxxxxxxxxx (DES cbc mode with RSA-MD5)
   2 nfs/krbclient@xxxxxxxxxx (ArcFour with HMAC/md5)

krbclient:~ # kinit -V -k nfs/krbclient.reuint.com
Authenticated to Kerberos v5


krbclient:~ # showmount -e suse1.reuint.com
Export list for suse1.reuint.com:
/media/nfs4server gss/krb5i,gss/krb5

krbclient:~ # mount -vvv -tnfs4 -o sec=krb5  suse1.reuint.com:/  /media/nfs/
mount: fstab path: "/etc/fstab"
mount: mtab path:  "/etc/mtab"
mount: lock path:  "/etc/mtab~"
mount: temp path:  "/etc/mtab.tmp"
mount: UID:        0
mount: eUID:       0
mount: spec:  "suse1.reuint.com:/"
mount: node:  "/media/nfs/"
mount: types: "nfs4"
mount: opts:  "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "suse1.reuint.com:/"
mount: external mount: argv[2] = "/media/nfs/"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Tue Sep 20 11:05:15 2011
mount.nfs4: trying text-based options
'sec=krb5,addr=192.168.125.130,clientaddr=192.168.125.132'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting suse1.reuint.com:/

----------------------------------------------

Rgds,
Nattapon
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx


<Anterior por Tema] Tema Actual [Siguiente por Tema>
  • [opensuse] nfs4 kerberos con ANUNCIO2008R2 - kinit el éxito pero el monte fallaron, Nattapon Viroonsri <=