SECURE_NFS="yes"RPCGSSDARGS="-vvvvvvv"RPCSVCGSSDARGS="-n -vvvvv -rrrrr -iiiiii

1. SECURE_NFS="yes"
2. RPCGSSDARGS="-vvvvvvv"
3. RPCSVCGSSDARGS="-n -vvvvv -rrrrr -iiiiii"
4.  
5. [General]
6. Verbosity = 3
7. Domain = mycompany.com
8.  
9.  
10. [Mapping]
11.  
12. Nobody-User = nobody
13. Nobody-Group = nobody
14.  
15. [Translation]
16.  
17. Method = nsswitch
18.  
19. [libdefaults]
20. default_realm = MYCOMPANY.COM
21. ticket_lifetime = 25h
22. renew_lifetime = 120h
23. forwardable = true
24. proxiable = true
25. default_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc
26. allow_weak_crypto = true
27. chpw_prompt = true
28.  
29. [realms]
30. MYCOMPANY.COM = {
31. default_domain = mycompany.com
32. kpasswd_server = dc.mycompany.com
33. admin_server = dc.mycompany.com
34. kdc = dc.mycompany.com
35.  
36. v4_name_convert = {
37. host = {
38. rcmd = host
39. }
40. }
41. }
42. [domain_realm]
43. .mycompany.com = MYCOMPANY.COM
44. [appdefaults]
45. pkinit_pool = DIR:/etc/pki/tls/certs/
46. pkinit_anchors = DIR:/etc/pki/tls/certs/
47. pam = {
48. external = true
49. krb4_convert = false
50. krb4_convert_524 = false
51. krb4_use_as_req = false
52. ticket_lifetime = 25h
53. use_shmem = sshd
54. }
55.  
56. /exports *(rw,async,no_root_squash,insecure,no_subtree_check,fsid=0,sec=krb5)
57. /exports/data *(rw,async,no_root_squash,insecure,no_subtree_check,nohide,sec=krb5)
58.  
59. mount -vvvv -t nfs4 -o rw,sec=krb5 nfs-srv-1:/ /mnt
60.  
61. mount: fstab path: "/etc/fstab"
62. mount: mtab path: "/etc/mtab"
63. mount: lock path: "/etc/mtab~"
64. mount: temp path: "/etc/mtab.tmp"
65. mount: UID: 0
66. mount: eUID: 0
67. mount: spec: "nfs-srv-1:/"
68. mount: node: "/mnt"
69. mount: types: "nfs4"
70. mount: opts: "rw,sec=krb5"
71. final mount options: 'sec=krb5'
72. mount: external mount: argv[0] = "/sbin/mount.nfs4"
73. mount: external mount: argv[1] = "nfs-srv-1:/"
74. mount: external mount: argv[2] = "/mnt"
75. mount: external mount: argv[3] = "-v"
76. mount: external mount: argv[4] = "-o"
77. mount: external mount: argv[5] = "rw,sec=krb5"
78. mount.nfs4: timeout set for Thu Sep 3 15:19:19 2015
79. mount.nfs4: trying text-based options 'sec=krb5,addr=xxx.xxx.xx.xxx,clientaddr=xxx.xxx.xx.xxx'
80. mount.nfs4: mount(2): Permission denied
81. mount.nfs4: access denied by server while mounting nfs-srv-1:/
82.  
83. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt8b)
84. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
85. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt8b)
86. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: process_krb5_upcall: service is '<null>'
87. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: Full hostname for 'nfs-srv-1.mycompany.com' is 'nfs-srv-1.mycompany.com'
88. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: Full hostname for 'nfs-srv-1.mycompany.com' is 'nfs-srv-1.mycompany.com'
89. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: No key table entry found for NFS-SRV-1$@MYCOMPANY.COM while getting keytab entry for 'NFS-SRV-1$@MYCOMPANY.COM'
90. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: No key table entry found for root/nfs-srv-1.mycompany.com@MYCOMPANY.COM while getting keytab entry for 'root/nfs-srv-1.mycompany.com@MYCOMPANY.COM'
91. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: No key table entry found for nfs/nfs-srv-1.mycompany.com@MYCOMPANY.COM while getting keytab entry for 'nfs/nfs-srv-1.mycompany.com@MYCOMPANY.COM'
92. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: Success getting keytab entry for 'host/nfs-srv-1.mycompany.com@MYCOMPANY.COM'
93. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYCOMPANY.COM' are good until 1441374524
94. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYCOMPANY.COM' are good until 1441374524
95. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: using FILE:/tmp/krb5cc_machine_MYCOMPANY.COM as credentials cache for machine creds
96. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYCOMPANY.COM
97. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: creating context using fsuid 0 (save_uid 0)
98. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: creating tcp client for server nfs-srv-1.mycompany.com
99. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: DEBUG: port already set to 2049
100. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: creating context with server nfs@nfs-srv-1.mycompany.com
101. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: WARNING: Failed to create krb5 context for user with uid 0 for server nfs-srv-1.mycompany.com
102. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYCOMPANY.COM for server nfs-srv-1.mycompany.com
103. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server nfs-srv-1.mycompany.com
104. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: Full hostname for 'nfs-srv-1.mycompany.com' is 'nfs-srv-1.mycompany.com'
105. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: Full hostname for 'nfs-srv-1.mycompany.com' is 'nfs-srv-1.mycompany.com'
106. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: No key table entry found for NFS-SRV-1$@MYCOMPANY.COM while getting keytab entry for 'NFS-SRV-1$@MYCOMPANY.COM'
107. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: No key table entry found for root/nfs-srv-1.mycompany.com@MYCOMPANY.COM while getting keytab entry for 'root/nfs-srv-1.mycompany.com@MYCOMPANY.COM'
108. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: No key table entry found for nfs/nfs-srv-1.mycompany.com@MYCOMPANY.COM while getting keytab entry for 'nfs/nfs-srv-1.mycompany.com@MYCOMPANY.COM'
109. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: Success getting keytab entry for 'host/nfs-srv-1.mycompany.com@MYCOMPANY.COM'
110. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYCOMPANY.COM' are good until 1441374524
111. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MYCOMPANY.COM' are good until 1441374524
112. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: using FILE:/tmp/krb5cc_machine_MYCOMPANY.COM as credentials cache for machine creds
113. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_MYCOMPANY.COM
114. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: creating context using fsuid 0 (save_uid 0)
115. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: creating tcp client for server nfs-srv-1.mycompany.com
116. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: DEBUG: port already set to 2049
117. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: creating context with server nfs@nfs-srv-1.mycompany.com
118. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: WARNING: Failed to create krb5 context for user with uid 0 for server nfs-srv-1.mycompany.com
119. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_MYCOMPANY.COM for server nfs-srv-1.mycompany.com
120. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: WARNING: Failed to create machine krb5 context with any credentials cache for server nfs-srv-1.mycompany.com
121. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: doing error downcall
122. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt8c
123. Sep 3 15:17:58 nfs-srv-1 rpc.gssd[3437]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt8b
124.  
125. Ticket cache: FILE:/tmp/krb5cc_machine_MYCOMPANY.COM
126. Default principal: host/nfs-srv-1.mycompany.com@MYCOMPANY.COM
127.  
128. Valid starting Expires Service principal
129. 09/04/15 10:34:34 09/05/15 11:34:34 krbtgt/MYCOMPANY.COM@MYCOMPANY.COM
130. renew until 09/09/15 10:34:34