Dear all,
For several months, I have been trying to get NFS working in a large mixed-machine environment. We have a Hitachi NAS configured for NFS with Kerberos, and our clients are running Rocky Linux. We are attempting to mount the NFS share using Kerberos authentication.
On the client side, I believe Kerberos is configured correctly. I can log in via SSH using Kerberos, and I can mount CIFS shares with Kerberos authentication. However, the one thing I cannot get to work is mounting an NFSv4 share.
I suspect the main issue is obtaining the correct principal from the KDC. Here is the relevant output from rpc.gssd:
handle_gssd_upcall(0x7fa12722c840): 'mech=krb5 uid=0 service=* enctypes=20,19,26,25,18,17' (nfs/clnt2f)
start_upcall_thread(0x7fa12722c840): created thread id 0x7fa1259fd640
krb5_use_machine_creds(0x7fa1259fd640): uid 0 tgtname (null)
No key table entry found for radstation26$@PRD.CORP while getting keytab entry for 'radstation26$@PRD.CORP'
find_keytab_entry(0x7fa1259fd640): Success getting keytab entry for 'RADSTATION26$@PRD.CORP'
gssd_get_single_krb5_cred(0x7fa1259fd640): principal 'RADSTATION26$@PRD.CORP' ccache:'FILE:/tmp/krb5ccmachine_PRD.CORP'
gssd_get_single_krb5_cred(0x7fa1259fd640): Credentials in CC 'FILE:/tmp/krb5ccmachine_PRD.CORP' are valid until Fri Mar 21 22:22:17 2025
limit_krb5_enctypes: using enctypes from the kernel
create_auth_rpc_client(0x7fa1259fd640): creating TCP client for server pg-fs010.prd.corp
create_auth_rpc_client(0x7fa1259fd640): creating context with server nfs@pg-fs010.prd.corp
WARNING: Failed to create krb5 context for user with UID 0 for server nfs@pg-fs010.prd.corp
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_PRD.CORP for server pg-fs010.prd.corp
WARNING: Machine cache prematurely expired or is corrupted, trying to recreate cache for server pg-fs010.prd.corp
No key table entry found for radstation26$@PRD.CORP while getting keytab entry for 'radstation26$@PRD.CORP'
find_keytab_entry(0x7fa1259fd640): Success getting keytab entry for 'RADSTATION26$@PRD.CORP'
gssd_get_single_krb5_cred(0x7fa1259fd640): Credentials in CC 'FILE:/tmp/krb5ccmachine_PRD.CORP' are valid until Fri Mar 21 22:22:17 2025
limit_krb5_enctypes: using enctypes from the kernel
create_auth_rpc_client(0x7fa1259fd640): creating TCP client for server pg-fs010.prd.corp
create_auth_rpc_client(0x7fa1259fd640): creating context with server nfs@pg-fs010.prd.corp
WARNING: Failed to create krb5 context for user with UID 0 for server nfs@pg-fs010.prd.corp
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_PRD.CORP for server pg-fs010.prd.corp
ERROR: Failed to create machine krb5 context with any credentials cache for server pg-fs010.prd.corp
do_error_downcall(0x7fa1259fd640): UID 0, error -13
Due to my limited knowledge of Kerberos, I am reaching out to the forum for guidance. Is there anyone who can point me in the right direction to resolve this issue?
Best regards,