NFS (with Kerberos) mount fails with "Server not found in Kerberos database" error

When running:

sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt 

I get this error on the client:

 mount.nfs4: access denied by server while mounting sol.domain.com:/ 

And in the server's syslog I read:

 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for nfs/ip-#-#-#-#[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for nfs/ip-#-#-#-#[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database
 UNKNOWN_SERVER: authtime 0, nfs/[email protected] for krbtgt/[email protected], Server not found in Kerberos database

Server keytab file:

 ubuntu@sol:~$ sudo klist -e -k /etc/krb5.keytab
 Keytab name: WRFILE:/etc/krb5.keytab
 KVNO Principal
 ---- --------------------------------------------------------------------------
    7 host/[email protected] (aes256-cts-hmac-sha1-96)
    7 host/[email protected] (arcfour-hmac)
    7 host/[email protected] (des3-cbc-sha1)
    7 host/[email protected] (des-cbc-crc)
    9 nfs/[email protected] (aes256-cts-hmac-sha1-96)
    9 nfs/[email protected] (arcfour-hmac)
    9 nfs/[email protected] (des3-cbc-sha1)
    9 nfs/[email protected] (des-cbc-crc)

Client keytab file:

 ubuntu@mercury:~$ sudo klist -e -k /etc/krb5.keytab
 Keytab name: WRFILE:/etc/krb5.keytab
 KVNO Principal
 ---- --------------------------------------------------------------------------
    3 host/[email protected] (aes256-cts-hmac-sha1-96)
    3 host/[email protected] (arcfour-hmac)
    3 host/[email protected] (des3-cbc-sha1)
    3 host/[email protected] (des-cbc-crc)
    3 nfs/[email protected] (aes256-cts-hmac-sha1-96)
    3 nfs/[email protected] (arcfour-hmac)
    3 nfs/[email protected] (des3-cbc-sha1)
    3 nfs/[email protected] (des-cbc-crc)

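It seems the reverse name resolution of the IPs does not match the names you expect. Make sure that mercury.domain.com and sol.domain.com are the first names listed after the relevant IP addresses in /etc/hosts. To be on the safe side, just add a couple of lines at the top with the machines' IP addresses and the hostnames Kerberos expects.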

 10.xyz sol.domain.com sol ip-blah-blah
 10.abc mercury.domain.com mercury ip-other-other

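Make sure both lines are present on both the client and the server.

It is also a good idea to verify the setup by running the following command on both the client and the server. Make sure the first hostname printed for each IP address is the one you expect.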

 getent hosts 10.xyz 10.abc
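
The same check done offline, as an added example that is not part of the original answer: it takes the hostnames from the nfs/ principals in `klist -k` output and verifies that each one is the first name on its /etc/hosts line. The sample addresses, the DOMAIN.COM realm and the ip-* names are constructed for illustration.

```python
import re

# Constructed sample data (not from the original post): addresses, realm and the
# cloud-style ip-* names are assumptions chosen to mirror the situation above.
BAD_HOSTS = """\
127.0.0.1 localhost
10.0.0.5 ip-10-0-0-5.internal sol.domain.com sol
10.0.0.6 mercury.domain.com mercury ip-10-0-0-6.internal
"""
GOOD_HOSTS = BAD_HOSTS.replace(
    "ip-10-0-0-5.internal sol.domain.com sol", "sol.domain.com sol ip-10-0-0-5.internal")
KLIST = """\
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   7 host/sol.domain.com@DOMAIN.COM (aes256-cts-hmac-sha1-96)
   9 nfs/sol.domain.com@DOMAIN.COM (aes256-cts-hmac-sha1-96)
"""

def parse_hosts(text):
    """Map each IP to its names in file order; the first name is the canonical one."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            table.setdefault(fields[0], []).extend(fields[1:])
    return table

def keytab_hosts(klist_text, service="nfs"):
    """Hostnames that have a <service>/<host>@REALM entry in `klist -k` output."""
    pat = re.compile(rf"^\s*\d+\s+{re.escape(service)}/([^@\s]+)@", re.M)
    return {m.group(1).lower() for m in pat.finditer(klist_text)}

def check(hosts_text, klist_text, service="nfs"):
    """Return (ip, first_name, expected, ok) per keytab host; ip is None if unlisted."""
    hosts, results = parse_hosts(hosts_text), []
    for expected in sorted(keytab_hosts(klist_text, service)):
        rows = [(ip, names[0], expected, names[0].lower() == expected)
                for ip, names in hosts.items()
                if expected in (n.lower() for n in names)]
        results.extend(rows or [(None, None, expected, False)])
    return results

if __name__ == "__main__":
    for ip, first, expected, ok in check(BAD_HOSTS, KLIST):
        print(f"{ip}: first name {first!r}, keytab expects {expected!r}: "
              f"{'OK' if ok else 'MISMATCH'}")
```

On a live machine, feed it the contents of /etc/hosts and the output of `sudo klist -k /etc/krb5.keytab` in place of the constructed samples.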