[OmniOS-discuss] OmniOS (Joined Active Directory & KRB5.Conf + NFS = NFS Disconnects in ESXI on DC Reboot)

Matt Mabis dasaint.blair at gmail.com
Wed Oct 26 22:13:36 UTC 2016


It does, I got another email from another member directly that explained
the issue as well. I however did have my router in there and another active
DNS controller and yet it still happened...  The other guy recommended, to
get around this easier, to put the ESXi host names in the /etc/hosts file to
ensure that DNS was OK....

Funny part is I didn't think it would be DNS as my hosts were using IPs to
connect, not DNS names..   My resolv.conf had the following info and even
though .15 and .1 were both online, as soon as I lost .14 it lost
connectivity... so I think there's still something wonky with the NFS
protocol as it shouldn't have lost connection consistently... it would go up
and down like it was always trying to hit 14 first and lost connection, then
found 15, then reconnected... then rechecked at 14, then lost it....

192.168.30.14 - DC1
192.168.30.15 - DC2
192.168.30.1 - Router

On Wed, Oct 26, 2016 at 4:08 PM, Aaron Curry <asc1111 at gmail.com> wrote:

> I had a similar problem. Turned out to be a DNS issue. Our DNS was running
> on the DC. When the DC was down, NFS wouldn't work. All I had to do was add
> our router as a nameserver in resolv.conf and it started working again. It
> seemed to be that as long as OmniOS has someone responding to DNS requests
> NFS will work, even if the DNS has no local info.
>
> Hope that helps.
>
> Aaron
> On Oct 25, 2016 1:13 PM, "Matt Mabis" <dasaint.blair at gmail.com> wrote:
>
>> Hey All,
>>
>> Was wondering if you could help me out, using b13298F but I have seen
>> this in other versions too where I joined the Omni to the Domain so I could
>> use ACLs and UserID Mappings for SMB.  However, when I reboot one of the 2
>> DCs I have, it looks like it loses all access to the NFS Shares till that DC
>> comes back online.
>>
>> From my troubleshooting I have figured out it has something to do with
>> Kerberos and NFS together: if the System cannot talk to Kerberos, NFS drops
>> the connections (even though I am doing Root @ IP Range based ESXi
>> Mappings for NFS v3).  I believe Kerberos and NFS are intertwined in some
>> sense, cause even though I can ping the IP it's like I just get inherently
>> denied access when that DC is down...
>>
>> Trying to make sure if I have to take these DCs down for
>> updates/patches/maintenance they aren't going to take down my entire NFS
>> structure...
>>
>> Any Help would be appreciated.
>>
>>
>> KRB5.CONF File
>> See Data *Changed domain name to DOMAIN.LOCAL* but all other information
>> is correct. 192.168.30.14 is DC1 and 192.168.30.15 is DC2.. (When I power
>> down DC1 is when I start losing connection)
>>
>>
>> #
>> # CDDL HEADER START
>> #
>> # The contents of this file are subject to the terms of the
>> # Common Development and Distribution License (the "License").
>> # You may not use this file except in compliance with the License.
>> #
>> # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
>> # or http://www.opensolaris.org/os/licensing.
>> # See the License for the specific language governing permissions
>> # and limitations under the License.
>> #
>> # When distributing Covered Code, include this CDDL HEADER in each
>> # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
>> # If applicable, add the following below this CDDL HEADER, with the
>> # fields enclosed by brackets "[]" replaced with your own identifying
>> # information: Portions Copyright [yyyy] [name of copyright owner]
>> #
>> # CDDL HEADER END
>> #
>> #
>> # Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
>> # Use is subject to license terms.
>> #
>> # ident   "%Z%%M%   %I%   %E% SMI"
>> #
>>
>> # krb5.conf template
>> # In order to complete this configuration file
>> # you will need to replace the __<name>__ placeholders
>> # with appropriate values for your network and uncomment the
>> # appropriate entries.
>> #
>> [libdefaults]
>>         default_realm = DOMAIN.LOCAL
>>
>>
>> [realms]
>>         DOMAIN.LOCAL = {
>>                 kdc = 192.168.30.14
>>                 kdc = 192.168.30.15
>>                 admin_server = 192.168.30.15
>>                 kpasswd_server = 192.168.30.15
>>                 kpasswd_protocol = SET_CHANGE
>>         }
>>
>> [domain_realm]
>>         .domain.local = DOMAIN.LOCAL
>>
>> [logging]
>>         default = FILE:/var/krb5/kdc.log
>>         kdc = FILE:/var/krb5/kdc.log
>>         kdc_rotate = {
>>
>> # How often to rotate kdc.log. Logs will get rotated no more
>> # often than the period, and less often if the KDC is not used
>> # frequently.
>>
>>                 period = 1d
>>
>> # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)
>>
>>                 versions = 10
>>         }
>>
>> [appdefaults]
>>         kinit = {
>>                 renewable = true
>>                 forwardable = true
>>         }
>>
>>
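A way to check the two points raised in this thread, as an added example that is not from any of the posters: which resolv.conf nameservers are also the realm's KDCs (so that DNS answer goes away when a DC reboots), and which NFS client IPs have no /etc/hosts entry. The sample files are constructed from the IPs quoted above; the ESXi addresses and names (192.168.30.21, 192.168.30.22, esxi1, esxi2) are hypothetical.

```shell
#!/bin/sh
# Added example: audit how far an NFS server's name resolution depends on
# the domain controllers. Sample files below are constructed; the ESXi
# client addresses and names are hypothetical.

# Nameserver IPs in resolv.conf order (the resolver tries them in this order).
resolvers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# KDC addresses from the [realms] section only. The [logging] section also
# has a "kdc = FILE:..." key, which must not be mistaken for a server.
kdcs() {
    awk -F'=' '
        /^[ \t]*\[/ { in_realms = ($0 ~ /\[realms\]/); next }
        in_realms && $1 ~ /^[ \t]*kdc[ \t]*$/ {
            gsub(/[ \t]/, "", $2); sub(/:.*/, "", $2); print $2
        }' "$1"
}

# Resolvers that are also KDCs, i.e. DNS that disappears when a DC reboots.
dc_resolvers() {
    for ns in $(resolvers "$1"); do
        for k in $(kdcs "$2"); do
            if [ "$ns" = "$k" ]; then echo "$ns"; fi
        done
    done
}

# NFS client IPs with no active hosts-file entry (commented lines ignored).
unpinned_clients() {
    hosts=$1; shift
    for ip in "$@"; do
        awk -v ip="$ip" '{ sub(/#.*/, "") } $1 == ip && NF >= 2 { f = 1 }
            END { exit !f }' "$hosts" || echo "$ip"
    done
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'nameserver 192.168.30.14\nnameserver 192.168.30.15\nnameserver 192.168.30.1\n' > "$tmp/resolv.conf"
printf '[realms]\n DOMAIN.LOCAL = {\n  kdc = 192.168.30.14\n  kdc = 192.168.30.15\n  admin_server = 192.168.30.15\n }\n[logging]\n kdc = FILE:/var/krb5/kdc.log\n' > "$tmp/krb5.conf"
printf '127.0.0.1 localhost\n192.168.30.21 esxi1.domain.local esxi1\n# 192.168.30.22 esxi2\n' > "$tmp/hosts"

echo "first resolver tried: $(resolvers "$tmp/resolv.conf" | head -n 1)"
echo "resolvers on DCs:     $(dc_resolvers "$tmp/resolv.conf" "$tmp/krb5.conf" | tr '\n' ' ')"
echo "clients not in hosts: $(unpinned_clients "$tmp/hosts" 192.168.30.21 192.168.30.22)"
```

On a real host, pass the system's own resolv.conf, krb5.conf and hosts file and the ESXi VMkernel addresses instead of the constructed samples.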