hunter86_bg wrote:I didn't expect such large keytabs.
You have to check why the nfs-secure-server.service fails.Read the service file via
Code: Select all
systemctl cat nfs-secure-server.service
and check what is the dependency.
Then edit the /etc/sysconfig/nfs and add "-vvv" to the last 2 entries (rpc...).
By the way how old is this CentOS?
About the difference in the keytabs - that's acceptable as long as the KVNO number is the same on AD,server and host for the nfs/fqdn@REALM entries.
Did you check if the ip's resolve to their FQDNs ?
If this is a very old machine - you have to update it as RHEL7.0(and CentOS respectively) had very nasty bugs.
yes keytab files looks pretty bad,i added nfs/ark-centos-smb4.qa.arkivio.com nfs/ark-centos7-ker.qa.arkivio.com to krb5.keytab file manually... because after joined AD via realm command there is no such nfs/* principals in both keytab files
from klist result their KVNO number is not the same
investigated disabled nfs-secure-server.service found its required service nfs-config service was down too,manually enable didn't working
/var/log/messages reports some ldap errors instead
did some research seems in centos7.3 nfs-secure-server is not working anymore(only take effect in 7.0)
Code: Select all
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [89544e] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 28 23:44:24 ark-centos7-ker systemd: Starting Preprocess NFS configuration...
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [89544e] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [1c355c] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [1c355c] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 28 23:44:24 ark-centos7-ker systemd: Started Preprocess NFS configuration.
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [6e3b11] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [6e3b11] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [035eb3] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
Aug 28 23:44:24 ark-centos7-ker nslcd[995]: [035eb3] <group/member="arkadmin@QA.ARKIVIO.COM"> ldap_result() failed: Operations error: 000004DC: LdapErr: DSID-0C090A22, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839
both forward,backward DNS lookup are working,it's centos7.3
I used RHEL7 documents to configure my cnetos since there is no relevant doc specific to centos7 since it was acquired by redhat
Thanks