Ken*_*ins 8 nfs mount kerberos amazon-ec2
When running:
sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt
I get this error on the client:
mount.nfs4: access denied by server while mounting sol.domain.com:/
In the server's syslog I read:
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for nfs/ip-#-#-#-#.ec2.internal@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/EC2.INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/COM@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/DOMAIN.COM@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for nfs/ip-#-#-#-#.ec2.internal@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/EC2.INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/COM@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/DOMAIN.COM@SOL.DOMAIN.COM, Server not found in Kerberos database
Server keytab file:
ubuntu@sol:~$ sudo klist -e -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
7 host/sol.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
7 host/sol.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
7 host/sol.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
7 host/sol.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
9 nfs/sol.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
Client keytab file:
ubuntu@mercury:~$ sudo klist -e -k /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 host/mercury.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
3 host/mercury.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
3 host/mercury.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
3 host/mercury.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (arcfour-hmac)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (des3-cbc-sha1)
3 nfs/mercury.domain.com@SOL.DOMAIN.COM (des-cbc-crc)
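The reverse name resolution of the IP doesn't seem to match the name you expect. Make sure that mercury.domain.com and sol.domain.com are the first names you add after the relevant IP addresses in /etc/hosts. To be safe, just add a couple of lines at the top with the IP addresses of the machines and the host names that Kerberos wants.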
10.x.y.z sol.domain.com sol ip-blah-blah
10.a.b.c mercury.domain.com mercury ip-other-other
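Make sure both of these lines are present on both the client and the server.
It's also a good idea to verify the setup by running the following command on both the client and the server. Make sure the first host name printed for each IP address is the one you expect.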
getent hosts 10.x.y.z 10.a.b.c
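The mismatch this answer describes can be checked offline. The sketch below is an added example, not part of the original post: it extracts the service principal the KDC rejected, then shows which principal each hosts-file ordering implies and whether the server keytab holds it. The address 10.0.0.5, the name ip-10-0-0-5.ec2.internal and all function names are constructed for illustration, and it assumes the hosts file is what answers the reverse lookup.

```python
import re

# Constructed sample data modelled on the output quoted in the question;
# the address 10.0.0.5 and the name ip-10-0-0-5.ec2.internal are made up.
KDC_LOG = """\
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for nfs/ip-10-0-0-5.ec2.internal@SOL.DOMAIN.COM, Server not found in Kerberos database
UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for krbtgt/EC2.INTERNAL@SOL.DOMAIN.COM, Server not found in Kerberos database
"""
KLIST = """\
KVNO Principal
---- ----------------------------------------------
   7 host/sol.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
   9 nfs/sol.domain.com@SOL.DOMAIN.COM (aes256-cts-hmac-sha1-96)
"""
HOSTS_BAD = "10.0.0.5 ip-10-0-0-5.ec2.internal sol.domain.com sol\n"
HOSTS_GOOD = "10.0.0.5 sol.domain.com sol ip-10-0-0-5.ec2.internal\n"

def keytab_principals(klist_text):
    """Principals listed by `klist -k`: lines shaped '<kvno> <principal> ...'."""
    return {m.group(1) for m in re.finditer(r"^\s*\d+\s+(\S+@\S+)", klist_text, re.M)}

def rejected_services(kdc_log):
    """Service principals the KDC did not know, skipping krbtgt/ referral probes."""
    found = re.findall(r"UNKNOWN_SERVER: .*? for (\S+?),", kdc_log)
    return sorted({p for p in found if not p.startswith("krbtgt/")})

def first_name(hosts_text, ip):
    """First name on the first hosts line for ip, i.e. the canonical name."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == ip:
            return fields[1]
    return None

def implied_principal(hosts_text, ip, realm, service="nfs"):
    """Service principal a client would request if it canonicalises via this file."""
    name = first_name(hosts_text, ip)
    return None if name is None else f"{service}/{name}@{realm}"

if __name__ == "__main__":
    keytab = keytab_principals(KLIST)
    print("rejected by KDC:", rejected_services(KDC_LOG))
    for label, hosts in (("bad", HOSTS_BAD), ("good", HOSTS_GOOD)):
        p = implied_principal(hosts, "10.0.0.5", "SOL.DOMAIN.COM")
        print(label, p, "in keytab" if p in keytab else "NOT in keytab")
```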