Re: cannot mount nfsv4/krb5 with krb51.7, 1.8 and 1.8.1

[Kevin Coffman <kwc@citi.umich.edu>]

On Tue, Apr 20, 2010 at 8:19 PM, Di Pe <dipeit@gmail.com> wrote:
> On Tue, Apr 20, 2010 at 6:19 AM, Kevin Coffman <kwc@citi.umich.edu> w=
rote:
>> Hi,
>>
>> If I read this right, you replaced krb5-1.8.1 with krb5-1.6.3 and it
>> fixed the problem?
>>
>> As I noted in your original message, you had "allow_weak_crypto =3D
>> true" in your krb5.conf. =A0For NFS, this is required with krb5-1.8
>> where DES is disabled by default. =A0Are you certain you have this
>> specified in your krb5-1.8.1 /etc/krb5.conf?
>
>
> Yes, I'm positive. 1.8.1 does not work 1.6.3 does! =A0This is my curr=
ent setting
>
> [libdefaults]
> =A0 =A0 =A0 =A0default_realm =3D FHCRC.ORG
> =A0 =A0 =A0 =A0clockskew =3D 300
> =A0 =A0 =A0 =A0default_tkt_enctypes =3D des-cbc-crc
> =A0 =A0 =A0 =A0default_tgs_enctypes =3D des-cbc-crc
> =A0 =A0 =A0 =A0permitted_enctypes =3D des-cbc-crc
> =A0 =A0 =A0 =A0allow_weak_crypto =3D true
> =A0 =A0 =A0 =A0forwardable =3D true
>
> I should add one more thing: I was using 2 different NFS servers, a
> NetApp 7.3.1.1 and Opentext NFS Maestro Server 2008 (formerly
> Hummingbird) on Windows 2008 R2 (AD is still 2003 R2). I found out
> today that the NetApp had a corrupted keytab and after repairing that
> it works fine with 1.8.1. NFS Maestro still only works with 1.6.3.
> Since I can use the 1.6.3 rpm package onto newer distros I can live
> with it for the moment if i block the rpm from getting updated but
> it's still kind of a hack.

Do you have access to logs on the server that still doesn't work with
1.8.1?  It seems odd that only this combination would fail.

K.C.