Access denied by server when mounting with NFS Kerberos in a trusted domain
Applies to
- ONTAP 9
- NFS Kerberos
- Trusted domain
Issue
- Mounting with NFS Kerberos fails in a trusted domain.
    [root@host1 ~]# mount -t nfs -vvv -o rw,sec=krb5,nfsvers=4,minorversion=1,clientaddr=10.x.x.x nfs:/volumepath /hostpath
    Thu Apr 13 10:52:49 IST 2023
    mount.nfs: timeout set for Thu Apr 13 10:54:49 2023
    mount.nfs: trying text-based options 'sec=krb5,nfsvers=4,clientaddr=10.x.x.x,vers=4.1,addr=10.x.x.x'
    mount.nfs: mount(2): Permission denied
    mount.nfs: access denied by server while mounting nfs:/volumepath
- The NFS Kerberos LIF is created in the domain domain1.com.in.
    ::*> nfs kerberos interface show -vserver nfsserver-3
                   Logical
    Vserver        Interface     Address         Kerberos SPN
    -------------- ------------- --------------- -------- -----------------------
    clus-sv3       clus-sv3-if1  10.xx.yy.228    enabled  nfs/clus-sv3.nas.ss.com.in@domain1.com.in
- The NFS client belongs to a different domain, domain2.com.in.
    [root@host1 ~]# realm list
    domain2.com.in
      type: kerberos
      realm-name: DOMAIN2.COM.IN
      domain-name: domain2.com.in
      configured: kerberos-member
      server-software: ipa
      client-software: sssd
      required-package: ipa-client
      required-package: oddjob
      required-package: oddjob-mkhomedir
      required-package: sssd
      login-formats: %U
      login-policy: allow-realm-logins