User:Mattst88/NFS+Kerberos

= TODO = = Troubleshooting =

DNS

 * DNS is critical to Kerberos, so make sure that both client and server can do reverse DNS lookups of the other's IP and obtain its fully-qualified domain name. If the client, for example, cannot do a reverse DNS lookup of the server's IP, it will fail.

Using  from :

Feb 26 09:09:24 server krb5kdc[691]: TGS_REQ (4 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23)}) 10.0.0.33: LOOKING_UP_SERVER: authtime 0, etypes {rep=UNSUPPORTED:(0)} root/imac-g4.mattst88.com@MATTST88.COM for nfs/_gateway@MATTST88.COM, Server not found in Kerberos database

In this case, removing  and   from the   resolved the error above:

Feb 23 17:29:30 server krb5kdc[691]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.0.33: NEEDED_PREAUTH: root/imac-g4.mattst88.com@MATTST88.COM for krbtgt/MATTST88.COM@MATTST88.COM, Additional pre-authentication required Feb 23 17:29:30 server krb5kdc[691]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.0.33: ISSUE: authtime 1645666170, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, root/imac-g4.mattst88.com@MATTST88.COM for krbtgt/MATTST88.COM@MATTST88.COM Feb 23 17:29:30 server krb5kdc[691]: TGS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.0.33: ISSUE: authtime 1645666170, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, root/imac-g4.mattst88.com@MATTST88.COM for nfs/server.mattst88.com@MATTST88.COM Feb 23 17:29:30 server krb5kdc[691]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.0.33: NEEDED_PREAUTH: portage/imac-g4.mattst88.com@MATTST88.COM for krbtgt/MATTST88.COM@MATTST88.COM, Additional pre-authentication required Feb 23 17:29:30 server krb5kdc[691]: AS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.0.33: ISSUE: authtime 1645666170, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, portage/imac-g4.mattst88.com@MATTST88.COM for krbtgt/MATTST88.COM@MATTST88.COM Feb 23 17:29:30 server krb5kdc[691]: TGS_REQ (8 etypes {aes256-cts-hmac-sha1-96(18), aes128-cts-hmac-sha1-96(17), aes256-cts-hmac-sha384-192(20), aes128-cts-hmac-sha256-128(19), DEPRECATED:des3-cbc-sha1(16), DEPRECATED:arcfour-hmac(23), camellia128-cts-cmac(25), camellia256-cts-cmac(26)}) 10.0.0.33: ISSUE: authtime 1645666170, etypes {rep=aes256-cts-hmac-sha1-96(18), tkt=aes256-cts-hmac-sha1-96(18), ses=aes256-cts-hmac-sha1-96(18)}, portage/imac-g4.mattst88.com@MATTST88.COM for nfs/server.mattst88.com@MATTST88.COM