next up previous contents
Next: 除錯二 Up: **NFSv4+kerberos 除錯 Previous: **NFSv4+kerberos 除錯   Contents

除錯一

  1. 從 nfs server kvm5 查看 nfs/kvm7.deyu.wang@DEYU.WANG principal key 的 vno 為 2。
    [root@kvm5 ~]# kadmin.local -q 'get_principal nfs/kvm7.deyu.wang@DEYU.WANG'
    Authenticating as principal nfs/admin@DEYU.WANG with password.
    Principal: nfs/kvm7.deyu.wang@DEYU.WANG
    Expiration date: [never]
    Last password change: Fri Dec 04 16:52:33 CST 2015
    Password expiration date: [none]
    Maximum ticket life: 1 day 00:00:00
    Maximum renewable life: 0 days 00:00:00
    Last modified: Fri Dec 04 16:52:33 CST 2015 (root/admin@DEYU.WANG)
    Last successful authentication: [never]
    Last failed authentication: [never]
    Failed password attempts: 0
    Number of keys: 8
    Key: vno 2, aes256-cts-hmac-sha1-96, no salt
    Key: vno 2, aes128-cts-hmac-sha1-96, no salt
    Key: vno 2, des3-cbc-sha1, no salt
    Key: vno 2, arcfour-hmac, no salt
    Key: vno 2, camellia256-cts-cmac, no salt
    Key: vno 2, camellia128-cts-cmac, no salt
    Key: vno 2, des-hmac-sha1, no salt
    Key: vno 2, des-cbc-md5, no salt
    MKey: vno 1
    Attributes:
    Policy: [none]
    
  2. 從 nfs client kvm7 查看 /etc/krb5.keytab 的 KVNO 為 4,與 server 查到的 vno 2 不同。
    [root@kvm7 ~]# klist -kte /etc/krb5.keytab
    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96)
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96)
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1)
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac)
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac)
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac)
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1)
       4 11/18/2015 12:18:01 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5)
    
  3. 重新下載 keytab。
    [root@kvm7 ~]# wget http://deyu.wang/kvm7.keytab -O /etc/krb5.keytab
    
  4. 從 nfs client kvm7 查看 /etc/krb5.keytab 的 KVNO,與 server 查到的 vno 一樣為 2。
    [root@kvm7 ~]# klist -kte /etc/krb5.keytab
    Keytab name: FILE:/etc/krb5.keytab
    KVNO Timestamp           Principal
    ---- ------------------- ------------------------------------------------------
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (aes256-cts-hmac-sha1-96)
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (aes128-cts-hmac-sha1-96)
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (des3-cbc-sha1)
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (arcfour-hmac)
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (camellia256-cts-cmac)
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (camellia128-cts-cmac)
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (des-hmac-sha1)
       2 09/22/2015 23:01:08 nfs/kvm7.deyu.wang@DEYU.WANG (des-cbc-md5)
    



De-Yu Wang 2018-07-11