NFS Services Administrator's Guide
Troubleshooting NFS Services
Common Problems while using Secure NFS with Kerberos
Chapter 5180
Common Problems while using Secure NFS
with Kerberos
“Permission Denied” Message
This message could be displayed because of one of the following reasons:
• The Ticket Granting Ticket (TGT) has expired
To renew the ticket, enter the following command:
kinit
username
• Fully qualified hostname resolution problem
To verify the hostname resolution, check the following files:
— /etc/nsswitch.conf
— /etc/hosts
To provide a fully qualified host name, do the following:
— Add dns in the host entry in the /etc/nsswitch.conf
— Re-configure NIS and /etc/hosts
• Time mismatch of 5 minutes between Kerberos server and Kerberos
client
HP recommends that you run time server to synchronize the time
between client and server.
• Improper krb5.conf
This could be because the realm to domain matching is not set in
either server or client’s configuration file (krb5.conf).
To fix the krb5.conf file for proper domain name to realm matching,
modify the file based on the following sample:
#
# Kerberos configuration
# This krb5.conf file is intended as an example only.
# see krb5.conf(4) for more details