API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 29th, 2017
506
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.03 KB | None | 0 0
raw download clone embed print report
  1. mount.nfs4: access denied by server while mounting kdc.example.com:/var/backup
  2.  
  3. [logging]
  4. default = FILE:/var/log/krb5libs.log
  5. kdc = FILE:/var/log/krb5kdc.log
  6. admin_server = FILE:/var/log/kadmind.log
  7.  
  8. [libdefaults]
  9. default_realm = EXAMPLE.COM
  10. dns_lookup_realm = false
  11. dns_lookup_kdc = false
  12. ticket_lifetime = 24h
  13. renew_lifetime = 7d
  14. forwardable = true
  15.  
  16. [realms]
  17. EXAMPLE.COM = {
  18. kdc = kdc.example.com
  19. admin_server = kdc.example.com
  20. }
  21.  
  22. [domain_realm]
  23. .example.com = EXAMPLE.COM
  24. example.com = EXAMPLE.COM
  25.  
  26. /var/backup client.example.com(rw,sync,no_wdelay,nohide,no_subtree_check,no_root_squash,sec=krb5)
  27. /mnt/storage client.example.com(rw,sync,no_wdelay,nohide,no_subtree_check,no_root_squash,sec=krb5)
  28.  
  29. [kdcdefaults]
  30. kdc_ports = 88
  31. kdc_tcp_ports = 88
  32.  
  33. [realms]
  34. EXAMPLE.COM = {
  35. kdc_ports = 88
  36. admin_keytab = /etc/kadm5.keytab
  37. database_name = /var/kerberos/krb5kdc/principal
  38. acl_file = /var/kerberos/krb5kdc/kadm5.acl
  39. key_stash_file = /var/kerberos/krb5kdc/stash
  40. max_life = 10h 0m 0s
  41. max_renewable_life = 7d 0h 0m 0s
  42. master_key_type = des3-hmac-sha1
  43. supported_enctypes = arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
  44. default_principal_flags = +preauth
  45. }
  46.  
  47. #NFS area
  48. kdc.example.com:/var/backup /mnt/backup nfs4 rsize=65536,wsize=65536,nolock,hard,sec=krb5
  49. kdc.example.com:/mnt/storage /mnt/storage nfs4 rsize=65536,wsize=65536,nolock,hard,sec=krb5
  50.  
  51. mount -vv -t nfs4 -o sec=krb5 kdc.example.com:/var/backup backup
  52.  
  53. mount.nfs4: timeout set for Mon May 22 23:32:59 2017
  54. mount.nfs4: trying text-based options 'sec=krb5,addr=95.85.33.75,clientaddr=192.168.0.2'
  55. mount.nfs4: mount(2): Permission denied
  56. mount.nfs4: access denied by server while mounting kdc.example.com:/var/backup
  57.  
  58. CLIENT_NOT_FOUND: NOUSER@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Client not found in Kerberos database
  59.  
  60. Keytab name: FILE:/etc/krb5.keytab
  61. KVNO Principal
  62. ---- --------------------------------------------------------------------------
  63. 3 host/kdc.example.com@EXAMPLE.COM
  64. 3 host/kdc.example.com@EXAMPLE.COM
  65. 3 host/kdc.example.com@EXAMPLE.COM
  66. 3 nfs/kdc.example.com@EXAMPLE.COM
  67. 3 nfs/kdc.example.com@EXAMPLE.COM
  68. 3 nfs/kdc.example.com@EXAMPLE.COM
  69.  
  70. Keytab name: FILE:/etc/krb5.keytab
  71. KVNO Principal
  72. ---- --------------------------------------------------------------------------
  73. 2 host/client.example.com@EXAMPLE.COM
  74. 2 host/client.example.com@EXAMPLE.COM
  75. 2 host/client.example.com@EXAMPLE.COM
  76. 2 nfs/client.example.com@EXAMPLE.COM
  77. 2 nfs/client.example.com@EXAMPLE.COM
  78. 2 nfs/client.example.com@EXAMPLE.COM
  79.  
  80. kadmin: listprincs
  81. K/M@EXAMPLE.COM
  82. edrive@EXAMPLE.COM
  83. host/client.example.com@EXAMPLE.COM
  84. host/kdc.example.com@EXAMPLE.COM
  85. kadmin/admin@EXAMPLE.COM
  86. kadmin/changepw@EXAMPLE.COM
  87. kadmin/example.com@EXAMPLE.COM
  88. krbtgt/EXAMPLE.COM@EXAMPLE.COM
  89. nfs/client.example.com@EXAMPLE.COM
  90. nfs/kdc.example.com@EXAMPLE.COM
  91. root/admin@EXAMPLE.COM
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!