[OmniOS-discuss] OmniOS (Joined Active Directory & KRB5.Conf + NFS = NFS Disconnects in ESXI on DC Reboot)
Matt Mabis
dasaint.blair at gmail.com
Tue Oct 25 19:11:13 UTC 2016
Hey All,
Was wondering if you could help me out. I am using b13298F, but I have seen
this in other versions too, where I joined the Omni to the domain so I could
use ACLs and UserID mappings for SMB. However, when I reboot one of the 2 DCs
I have, it looks like it loses all access to the NFS shares till that DC
comes back online.
From my troubleshooting I have figured out it has something to do with
Kerberos and NFS together: if the system cannot talk to Kerberos, NFS drops
the connections (even though I am doing Root @ IP range based ESXi
mappings for NFS v3). I believe Kerberos and NFS are intertwined in some
sense, because even though I can ping the IP, it's like I just get inherently
denied access when that DC is down...
Trying to make sure that if I have to take these DCs down for
updates/patches/maintenance, they aren't going to take down my entire NFS
structure...
Any help would be appreciated.
KRB5.CONF file
See data: *Changed domain name to DOMAIN.LOCAL*, but all other information is
correct. 192.168.30.14 is DC1 and 192.168.30.15 is DC2. (When I power down
DC1 is when I start losing connection.)
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
# ident	"%Z%%M%	%I%	%E% SMI"
#
# krb5.conf template
# In order to complete this configuration file
# you will need to replace the __<name>__ placeholders
# with appropriate values for your network and uncomment the
# appropriate entries.
#
[libdefaults]
	default_realm = DOMAIN.LOCAL

[realms]
	DOMAIN.LOCAL = {
		kdc = 192.168.30.14
		kdc = 192.168.30.15
		admin_server = 192.168.30.15
		kpasswd_server = 192.168.30.15
		kpasswd_protocol = SET_CHANGE
	}

[domain_realm]
	.domain.local = DOMAIN.LOCAL

[logging]
	default = FILE:/var/krb5/kdc.log
	kdc = FILE:/var/krb5/kdc.log
	kdc_rotate = {
		# How often to rotate kdc.log. Logs will get rotated no more
		# often than the period, and less often if the KDC is not used
		# frequently.
		period = 1d
		# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
		versions = 10
	}

[appdefaults]
	kinit = {
		renewable = true
		forwardable = true
	}
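
An added example, not part of the original post: a small Python parser for the [realms] section of a krb5.conf like the one above, reporting which KDC entries remain and which single-host roles lose their only listed server when one DC is taken down. The function names and the trimmed sample are constructed here; hosts are compared as literal strings, and the check covers only what the file lists, not why NFS drops.

```python
import re

# Constructed sample: trimmed from the krb5.conf in the post above.
SAMPLE = """\
[realms]
DOMAIN.LOCAL = {
    kdc = 192.168.30.14
    kdc = 192.168.30.15
    admin_server = 192.168.30.15
    kpasswd_server = 192.168.30.15
    kpasswd_protocol = SET_CHANGE
}
[logging]
kdc = FILE:/var/krb5/kdc.log
    kdc_rotate = {
        period = 1d
    }
"""

def parse_realms(text):
    """Return {realm: {key: [values]}} for the [realms] section only."""
    realms, section, realm = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank or comment line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                             # new top-level section
            section, realm = header.group(1), None
        elif section != "realms":              # skip [logging], [appdefaults], ...
            continue
        elif line == "}":                      # end of a realm block
            realm = None
        elif line.endswith("{"):               # "REALM = {"
            realm = line.split("=", 1)[0].strip()
            realms[realm] = {}
        elif realm and "=" in line:            # repeated keys (kdc) accumulate
            key, value = (part.strip() for part in line.split("=", 1))
            realms[realm].setdefault(key, []).append(value)
    return realms

def impact_if_down(realms, host):
    """Per realm: kdc entries left, and roles whose only listed host is `host`."""
    report = {}
    for realm, keys in realms.items():
        remaining = [k for k in keys.get("kdc", []) if k != host]
        lost = sorted(k for k, v in keys.items() if k != "kdc" and v == [host])
        report[realm] = {"kdcs_left": remaining, "roles_lost": lost}
    return report
```
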