Can i change SPN while mounting nfsv4 export

General support questions
Post Reply
xq10907
Posts: 27
Joined: 2017/08/08 03:33:41

Can i change SPN while mounting nfsv4 export

Post by xq10907 » 2018/05/18 12:41:56

Hi guys, i have a centos(ark-centos7-ker.qa.arkivio.com) to mount netapp nfsv4 export,

Code: Select all

sudo mount -t nfs -o v4.0,sec=krb5 qavs3-qacl6.qa.arkivio.com:/vol2/vol2nfs1 /nfs4-mnt-dir
the login user is domain user qa1@qa.arkivio.com
from below netapp nfsv4 server log centos using SPN with machine account(ARK-CENTOS7-KER$@QA.ARKIVIO.COM) instead of user account(qa1@qa.arkivio.com)

Code: Select all

  [    11] Trying to map SPN 'ARK-CENTOS7-KER$@QA.ARKIVIO.COM' to UNIX user 'ARK-CENTOS7-KER$' using implicit mapping
can i let centos to use user SPN(qa1@qa.arkivio.com) to talk with nfsv4 server?
here is kerberos tickets in centos

Code: Select all

[qa1@ark-centos7-ker ~]$ sudo klist -kte

Keytab name: FILE:/etc/krb5.keytab

KVNO Timestamp           Principal

---- ------------------- ------------------------------------------------------

   2 04/12/2018 23:13:17 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-crc)

   2 04/12/2018 23:13:17 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (des-cbc-crc)

   2 04/12/2018 23:13:17 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-md5)

   2 04/12/2018 23:13:17 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (des-cbc-md5)

   2 04/12/2018 23:13:17 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   2 04/12/2018 23:13:17 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   2 04/12/2018 23:13:17 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96)

   2 04/12/2018 23:13:17 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96)

   2 04/12/2018 23:13:17 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (arcfour-hmac)

   2 04/12/2018 23:13:17 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (arcfour-hmac)

   2 04/12/2018 23:13:17 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (des-cbc-crc)

   2 04/12/2018 23:13:17 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (des-cbc-md5)

   2 04/12/2018 23:13:17 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   2 04/12/2018 23:13:17 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96)

   2 04/12/2018 23:13:17 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (arcfour-hmac)

   2 04/12/2018 23:13:17 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-crc)

   2 04/12/2018 23:13:17 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-md5)

   2 04/12/2018 23:13:17 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   2 04/12/2018 23:13:18 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96)

   2 04/12/2018 23:13:18 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (arcfour-hmac)

   3 05/13/2018 01:17:56 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (des-cbc-crc)

   3 05/13/2018 01:17:56 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (des-cbc-md5)

  3 05/13/2018 01:17:56 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (arcfour-hmac)

   3 05/13/2018 01:17:56 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   3 05/13/2018 01:17:56 ARK-CENTOS7-KER$@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96)

   3 05/13/2018 01:17:56 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-crc)

   3 05/13/2018 01:17:56 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-md5)

   3 05/13/2018 01:17:56 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (arcfour-hmac)

   3 05/13/2018 01:17:56 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   3 05/13/2018 01:17:56 host/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96)

   3 05/13/2018 01:17:56 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (des-cbc-crc)

   3 05/13/2018 01:17:56 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (des-cbc-md5)

   3 05/13/2018 01:17:56 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (arcfour-hmac)

   3 05/13/2018 01:17:56 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   3 05/13/2018 01:17:56 host/ARK-CENTOS7-KER@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96)

   3 05/13/2018 01:17:56 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-crc)

   3 05/13/2018 01:17:56 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (des-cbc-md5)

   3 05/13/2018 01:17:56 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (arcfour-hmac)

   3 05/13/2018 01:17:56 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes128-cts-hmac-sha1-96)

   3 05/13/2018 01:17:56 nfs/ark-centos7-ker.qa.arkivio.com@QA.ARKIVIO.COM (aes256-cts-hmac-sha1-96  

Post Reply