[Freeipa-users] NFS4 after client upgrade to Fedora 13

Thomas Sailer sailer at sailer.dynip.lugs.ch
Thu May 27 21:58:28 UTC 2010


On Thu, 2010-05-27 at 14:30 -0400, Simo Sorce wrote:

> Oh right,
> then I guess you need to look into syslog to see if you can find any
> other hint.
> 
> Does the gssd daemon log anything?

It can be made to talk, like this:
rpc.gssd -f -vvvvvv -rrrrrr

Messages at startup:
Warning: rpcsec_gss library does not support setting debug level
beginning poll

At mount time:
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
handle_gssd_upcall: 'mech=krb5 uid=0 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
process_krb5_upcall: service is '<null>'
Full hostname for 'server.xxx.com' is 'server.xxx.com'
Full hostname for 'client.xxx.com' is 'client.xxx.com'
Key table entry not found while getting keytab entry for 'root/client.xxx.com at XXX.COM'
Success getting keytab entry for 'nfs/client.xxx.com at XXX.COM'
Successfully obtained machine credentials for principal 'nfs/client.xxx.com at XXX.COM' stored in ccache 'FILE:/tmp/krb5cc_machine_XXX.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_XXX.COM' are good until 1275168019
using FILE:/tmp/krb5cc_machine_XXX.COM as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_XXX.COM
creating context using fsuid 0 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server nfs at server.xxx.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591'(user at XXX.COM) passed all checks and has mtime of 1274978851
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
using FILE:/tmp/krb5cc_1591 as credentials cache for client with uid 1591 for server server.xxx.com
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_1591
creating context using fsuid 1591 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server nfs at server.xxx.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall


Now interestingly, the access works if rpc.gssd is started from the
console!

When I start it using "service rpc.gssd restart", it fails again, now
with this in the log:
beginning poll
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=0 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
Full hostname for 'server.xxx.com' is 'server.xxx.com'
Full hostname for 'client.xxx.com' is 'client.xxx.com'
Key table entry not found while getting keytab entry for 'root/client.xxx.com at XXX.COM'
Success getting keytab entry for 'nfs/client.xxx.com at XXX.COM'
Successfully obtained machine credentials for principal 'nfs/client.xxx.com at XXX.COM' stored in ccache 'FILE:/tmp/krb5cc_machine_XXX.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_XXX.COM' are good until 1275169699
using FILE:/tmp/krb5cc_machine_XXX.COM as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_XXX.COM
creating context using fsuid 0 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server nfs at server.xxx.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall

For some reason I have no clue about, it does not like my credentials
cache (/tmp/krb5cc_1591) when not run from the console.

Thanks,
Tom
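
Added example, not part of the original post: a small Python triage script that parses rpc.gssd debug output of the kind shown above and reports which credentials caches received a different verdict for the same uid between two runs. The function names and verdict labels are this example's own; the sample lines are copied from the console and service runs in the post.

```python
import re

# Patterns for the rpc.gssd debug lines shown in the post.
UPCALL = re.compile(r"handle_gssd_upcall: 'mech=\S+ uid=(\d+)")
VERDICTS = [
    (re.compile(r"CC file '([^']+)'.* passed all checks"), "passed"),
    (re.compile(r"CC file '([^']+)' is expired or corrupt"), "expired or corrupt"),
    (re.compile(r"CC file '([^']+)' owned by \d+, not \d+"), "wrong owner"),
]

def parse_upcalls(log_text):
    """Return one record per upcall: uid, verdict per ccache, outcome."""
    upcalls, cur = [], None
    for line in log_text.splitlines():
        m = UPCALL.search(line)
        if m:
            cur = {"uid": int(m.group(1)), "ccaches": {}, "outcome": "unknown"}
            upcalls.append(cur)
        elif cur is not None:
            for pattern, verdict in VERDICTS:
                hit = pattern.search(line)
                if hit:
                    cur["ccaches"][hit.group(1)] = verdict
            if line.strip() == "doing downcall":
                cur["outcome"] = "ok"
            elif line.strip() == "doing error downcall":
                cur["outcome"] = "error"
    return upcalls

def verdict_changes(run_a, run_b):
    """Map (uid, ccache) -> (verdict in run_a, verdict in run_b) where they differ."""
    def index(text):
        return {(u["uid"], path): v
                for u in parse_upcalls(text) for path, v in u["ccaches"].items()}
    a, b = index(run_a), index(run_b)
    return {k: (a[k], b[k]) for k in a.keys() & b.keys() if a[k] != b[k]}

# Lines copied from the two runs in the post (console start, then service start).
CONSOLE_RUN = """handle_gssd_upcall: 'mech=krb5 uid=1591 '
CC file '/tmp/krb5cc_1591'(user at XXX.COM) passed all checks and has mtime of 1274978851
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
doing downcall"""
SERVICE_RUN = """handle_gssd_upcall: 'mech=krb5 uid=1591 '
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall"""

if __name__ == "__main__":
    for key, change in verdict_changes(CONSOLE_RUN, SERVICE_RUN).items():
        print(key, change)
```

A cache that flips from "passed" to "expired or corrupt" with no change to the file itself points at the environment the daemon runs in rather than at the ticket.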





