Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2


Updated: August 2014
 
 

Problems Mounting a Kerberized NFS File System

  • If mounting a Kerberized NFS file system fails, make sure that the /var/rcache/root file exists on the NFS server. If the file is not owned by root, remove it and try the mount again.

  • If you have a problem accessing a Kerberized NFS file system, make sure that the gssd service is enabled on your system and the NFS server.

  • If you see either the invalid argument or bad directory error message when you are trying to access a Kerberized NFS file system, the problem might be that you are not using a fully qualified DNS name when you are trying to mount the NFS file system. The host that is being mounted is not the same as the host name part of the service principal in the server's keytab file.

    This problem might also occur if your server has multiple Ethernet interfaces, and you have set up DNS to use a “name per interface” scheme instead of a “multiple address records per host” scheme. For the Kerberos service, you should set up multiple address records per host as follows (Ken Hornstein, “Kerberos FAQ,” [http://www.cmf.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#kerbdns], accessed 10 March 2010):

    my.host.name.           A       1.2.3.4
                            A       1.2.4.4
                            A       1.2.5.4
    
    my-en0.host.name.       A       1.2.3.4
    my-en1.host.name.       A       1.2.4.4
    my-en2.host.name.       A       1.2.5.4
    
    4.3.2.1         PTR     my.host.name.
    4.4.2.1         PTR     my.host.name.
    4.5.2.1         PTR     my.host.name.

In this example, the setup allows one reference to the different interfaces and a single service principal instead of three service principals in the server's keytab file.
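The following added example (not part of the Oracle documentation) parses zone data in the simplified layout shown above and reports how many service principals each DNS scheme implies, plus any address whose reverse record does not lead back to the host name. The function names, the constructed "name per interface" variant, and the assumption that the principal's host part is the name each address reverse-maps to are illustrative.

```python
# Constructed sample: the "multiple address records per host" layout from the page.
PER_HOST = """\
my.host.name.       A    1.2.3.4
                    A    1.2.4.4
                    A    1.2.5.4
my-en0.host.name.   A    1.2.3.4
my-en1.host.name.   A    1.2.4.4
my-en2.host.name.   A    1.2.5.4
4.3.2.1             PTR  my.host.name.
4.4.2.1             PTR  my.host.name.
4.5.2.1             PTR  my.host.name.
"""
# Constructed "name per interface" variant: each PTR names its own interface.
PER_INTERFACE = """\
my-en0.host.name.   A    1.2.3.4
my-en1.host.name.   A    1.2.4.4
my-en2.host.name.   A    1.2.5.4
4.3.2.1             PTR  my-en0.host.name.
4.4.2.1             PTR  my-en1.host.name.
4.5.2.1             PTR  my-en2.host.name.
"""

def parse(zone):
    """Return (forward, reverse): name -> set of addresses, address -> PTR name."""
    forward, reverse, owner = {}, {}, None
    for line in zone.splitlines():
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():   # a line starting with blanks reuses the last owner
            owner = fields.pop(0)
        rtype, value = fields
        if rtype == "A":
            forward.setdefault(owner.rstrip("."), set()).add(value)
        elif rtype == "PTR":        # owner is the address with its octets reversed
            reverse[".".join(reversed(owner.split(".")))] = value.rstrip(".")
    return forward, reverse

def principals_needed(zone, service="nfs"):
    """Service principals implied by the reverse records, one per distinct name."""
    # Assumption: the principal's host part is the name an address reverse-maps to.
    return sorted({f"{service}/{name}" for name in parse(zone)[1].values()})

def mismatches(zone, fqdn):
    """Addresses of fqdn whose PTR record is missing or names a different host."""
    forward, reverse = parse(zone)
    return sorted(a for a in forward.get(fqdn, ()) if reverse.get(a) != fqdn)
```

With the page's layout, `principals_needed(PER_HOST)` yields a single `nfs/my.host.name` entry, while the per-interface variant yields three.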