[gpfsug-discuss] Keytab error trying to join an active directory domain
Sobey, Richard A
r.sobey at imperial.ac.uk
Thu May 18 15:36:33 BST 2017
It's crappy, I had to put the command in 10+ times before it would work. Just keep at it (that's my takeaway, sorry I'm not that technical when it comes to Kerberos).
Could be a domain replication thing.
Is time syncing properly across all your CES nodes?
Richard
-----Original Message-----
From: gpfsug-discuss-bounces at spectrumscale.org [mailto:gpfsug-discuss-bounces at spectrumscale.org] On Behalf Of Aidan Richmond
Sent: 18 May 2017 15:23
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] Keytab error trying to join an active directory domain
Hello
I'm trying to join an AD domain for SMB and NFS protocol sharing but I keep getting a "Failed to generate the kerberos keytab file" error. The command I'm running is
/usr/lpp/mmfs/bin/mmuserauth service create --data-access-method file --type ad --netbios-name @name@ --servers @adserver@ --user-name @username@ --idmap-role master --enable-nfs-kerberos --unixmap-domains "DS(1000-9999999)"
A correct keytab does appears to be created on the host I run this on (one of two protocol nodes) but not on the other one.
--
Aidan Richmond
Apple/Unix Support Officer, IT
Garstang 10.137
Faculty of Biological Sciences
University of Leeds
Clarendon Way
LS2 9JT
Tel:0113 3434252
a.g.richmond at leeds.ac.uk
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
More information about the gpfsug-discuss
mailing list