[OmniOS-discuss] OmniOS (Joined Active Directory & KRB5.Conf + NFS = NFS Disconnects in ESXI on DC Reboot)
Aaron Curry
asc1111 at gmail.com
Wed Oct 26 22:08:24 UTC 2016
I had a similar problem. Turned out to be a DNS issue. Our DNS was running
on the DC. When the DC was down, NFS wouldn't work. All I had to do was add
our router as a nameserver in resolv.conf and it started working again. It
seemed to be that as long as OmniOS has someone responding to DNS requests
NFS will work, even if the DNS has no local info.
Hope that helps.
Aaron
On Oct 25, 2016 1:13 PM, "Matt Mabis" <dasaint.blair at gmail.com> wrote:
> Hey All,
>
> Was wondering if you could help me out, using b13298F but I have seen this
> in other versions too where I joined the Omni to the Domain so I could use
> ACLs and UserID Mappings for SMB. However, when I reboot one of the 2 DCs I
> have, it looks like it loses all access to the NFS Shares till that DC comes
> back online.
>
> From my troubleshooting I have figured out it has something to do with
> Kerberos and NFS together: if the System cannot talk to Kerberos, NFS drops
> the connections (Even though I am doing Root @ IP Range) based ESXi
> Mappings for NFS v3. I believe Kerberos and NFS are intertwined in some
> sense, because even though I can ping the IP it's like I just get inherently
> denied access when that DC is down...
>
> Trying to make sure if I have to take these DCs down for
> updates/patches/maintenance they aren't going to take down my entire NFS
> structure...
>
> Any Help would be appreciated.
>
>
> KRB5.CONF File
> See Data *Changed domain name to DOMAIN.LOCAL* but all other information
> is correct. 192.168.30.14 is DC1 and 192.168.30.15 is DC2. (When I power
> down DC1 is when I start losing connection)
>
>
> #
> # CDDL HEADER START
> #
> # The contents of this file are subject to the terms of the
> # Common Development and Distribution License (the "License").
> # You may not use this file except in compliance with the License.
> #
> # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
> # or http://www.opensolaris.org/os/licensing.
> # See the License for the specific language governing permissions
> # and limitations under the License.
> #
> # When distributing Covered Code, include this CDDL HEADER in each
> # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
> # If applicable, add the following below this CDDL HEADER, with the
> # fields enclosed by brackets "[]" replaced with your own identifying
> # information: Portions Copyright [yyyy] [name of copyright owner]
> #
> # CDDL HEADER END
> #
> #
> # Copyright 2007 Sun Microsystems, Inc. All rights reserved.
> # Use is subject to license terms.
> #
> # ident "%Z%%M% %I% %E% SMI"
> #
>
> # krb5.conf template
> # In order to complete this configuration file
> # you will need to replace the __<name>__ placeholders
> # with appropriate values for your network and uncomment the
> # appropriate entries.
> #
> [libdefaults]
> default_realm = DOMAIN.LOCAL
>
>
> [realms]
> DOMAIN.LOCAL = {
> kdc = 192.168.30.14
> kdc = 192.168.30.15
> admin_server = 192.168.30.15
> kpasswd_server = 192.168.30.15
> kpasswd_protocol = SET_CHANGE
> }
>
> [domain_realm]
> .domain.local = DOMAIN.LOCAL
>
> [logging]
> default = FILE:/var/krb5/kdc.log
> kdc = FILE:/var/krb5/kdc.log
>     kdc_rotate = {
>
> # How often to rotate kdc.log. Logs will get rotated no more
> # often than the period, and less often if the KDC is not used
> # frequently.
>
>         period = 1d
>
> # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
>
>         versions = 10
>     }
>
> [appdefaults]
>     kinit = {
>         renewable = true
>         forwardable= true
>     }
>
> _______________________________________________
> OmniOS-discuss mailing list
> OmniOS-discuss at lists.omniti.com
> http://lists.omniti.com/mailman/listinfo/omnios-discuss
>
>
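
A check for the resolver dependency described in the reply above, as an added example that is not part of either post or of OmniOS: it compares the `nameserver` entries in a resolv.conf against the `kdc` entries in the `[realms]` section of a krb5.conf and flags the case where every resolver is also a DC. The function names, the sample resolv.conf contents and the router address 192.168.30.1 are assumptions constructed for illustration; the KDC addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: flag a resolv.conf whose only resolvers are the KDCs/DCs.

# Print the nameserver addresses from a resolv.conf-style file.
resolvers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the kdc hosts from the [realms] section of a krb5.conf-style file.
# The [logging] section also has a "kdc =" key, so track the section.
# An optional ":port" is stripped (IPv4 addresses or hostnames assumed).
kdcs() {
    awk '/^[ \t]*\[/ { in_realms = ($0 ~ /\[realms\]/); next }
         in_realms && /^[ \t]*kdc[ \t]*=/ {
             v = $0
             sub(/^[^=]*=[ \t]*/, "", v)
             sub(/[ \t:].*$/, "", v)
             print v
         }' "$1"
}

# audit_dns RESOLV_CONF KRB5_CONF
# Returns 0 if at least one resolver is not a KDC, 1 otherwise.
audit_dns() {
    kdc_list=$(kdcs "$2")
    total=0 independent=0
    for ns in $(resolvers "$1"); do
        total=$((total + 1))
        if printf '%s\n' "$kdc_list" | grep -Fxq -- "$ns"; then
            echo "nameserver $ns is also a KDC"
        else
            echo "nameserver $ns is independent of the KDCs"
            independent=$((independent + 1))
        fi
    done
    if [ "$independent" -eq 0 ]; then
        echo "RISK: $total resolver(s), none outside the KDC list"
        return 1
    fi
    echo "OK: $independent of $total resolver(s) outside the KDC list"
}

# Constructed sample input; 192.168.30.1 stands in for the router.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '[realms]\nDOMAIN.LOCAL = {\nkdc = 192.168.30.14\nkdc = 192.168.30.15\n}\n[logging]\nkdc = FILE:/var/krb5/kdc.log\n' > "$tmp/krb5.conf"
printf 'nameserver 192.168.30.14\nnameserver 192.168.30.15\n' > "$tmp/before"
printf 'nameserver 192.168.30.14\nnameserver 192.168.30.1\n' > "$tmp/after"
audit_dns "$tmp/before" "$tmp/krb5.conf" || true
audit_dns "$tmp/after" "$tmp/krb5.conf"
```

On a live host the two arguments would be the system's own resolv.conf and krb5.conf paths.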