包含rpc.gssd - krb5.conf
包含rpc.gssd - krb5.conf
提问于 2017-07-04 13:32:30
我正在尝试用includedir创建nfs kerberos配置。背景如下:
- 默认领域指向TEST.REALM.COM (hadoop安装)
- nas/nfs领域指向NFS.ANOTHER.REALM.COM
当我将所有的realms和domain realms放在krb5.conf文件中时,我能够挂载我的nfs共享。当我使用includedir标签时,认为不会有效果。
这是我的krb5.conf
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = false
forwardable = true
allow_weak_crypto = false下面是默认hadoop领域的配置文件
[libdefaults]
default_realm = TEST.REALM.COM
TEST.REALM.COM = {
ticket_lifetime = 1d
renew_lifetime = 14d
}
[realms]
TEST.REALM.COM = {
kdc = admhadoop1.realm.com
kdc = admhadoop1.realm.com
admin_server = admhadoop1.realm.com
}
[domain_realm]
.realm.com = TEST.REALM.COM
realm.com = TEST.REALM.COM下面是nfs领域的配置
[libdefaults]
NFS.ANOTHER.REALM.COM = {
ticket_lifetime = 14d
renew_lifetime = 180d
}
[realms]
NFS.ANOTHER.REALM.COM = {
kdc = admnfs1.realm.com
kdc = admnfs2.realm.com
admin_server = admnfs1.realm.com
}
[domain_realm]
nfs01.realm.com = NFS.ANOTHER.REALM.COM/etc/krb5.keytab只包含test01服务器的用户主机、nfs和根目录。
当我尝试从nfs01.realm.com挂载一个共享时,会遇到这样的错误:
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a185b0 data 0x7fff55a18480
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt16)
rpc.gssd[7078]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
rpc.gssd[7078]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt16)
rpc.gssd[7078]: process_krb5_upcall: service is '<null>'
rpc.gssd[7078]: Full hostname for 'nfs01.realm.com' is 'nfs01.realm.com'
rpc.gssd[7078]: Full hostname for 'test01.realm.com' is 'test01.realm.com'
rpc.gssd[7078]: No key table entry found for TEST01$@TEST.REALM.COM while getting keytab entry for 'TEST01$@TEST.REALM.COM'
rpc.gssd[7078]: No key table entry found for root/test01.realm.com@TEST.REALM.COM while getting keytab entry for 'root/test01.realm.com@TEST.REALM.COM
rpc.gssd[7078]: No key table entry found for nfs/test01.realm.com@TEST.REALM.COM while getting keytab entry for 'nfs/test01.realm.com@TEST.REALM.COM
rpc.gssd[7078]: No key table entry found for host/test01.realm.com@TEST.REALM.COM while getting keytab entry for 'host/test01.realm.com@TEST.REALM.COM
rpc.gssd[7078]: ERROR: gssd_refresh_krb5_machine_credential: no usable keytab entry found in keytab /etc/krb5.keytab for connection with host nfs01.realm.com
rpc.gssd[7078]: ERROR: No credentials found for connection to server nfs01.realm.com
rpc.gssd[7078]: doing error downcall
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt17
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000
rpc.gssd[7078]: dir_notify_handler: sig 37 si 0x7fff55a1d130 data 0x7fff55a1d000看起来nfs deamon不适用于includedir标记。
你觉得呢?
回答 1
Stack Overflow用户
发布于 2017-07-05 09:13:03
问题是所包含的目录中的文件只应该有alphanumerical名称(带有"-“和"_"),而不是像我这样的".”。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/44907419
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号