[Freeipa-users] krb5 and nfsv4 not working right

Tony Brian Albers tba at statsbiblioteket.dk
Tue Nov 15 12:17:43 UTC 2016 

Hi guys,

I've followed every guide I can find on this subject. What I'm trying to 
is to get our home directories which are shared via NFS from the FreeIPA 
server mounted via autofs on the clients.

The client is kact-man-001 and the FreeIPA server is kact-adm-001

/etc/exports:


I've done the ipa-client-install and the ipa-client-automount

However, when I log in, my homedir is mounted as expected but what I get 
in the messages log is:

Nov 15 12:52:25 kact-man-001 gssproxy: gssproxy[770]: (OID: { 1 2 840 
113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more 
information, No credentials cache found

A lot!

/etc/krb5.conf is default from the FreeIPA installation:

   default_ccache_name = KEYRING:persistent:%{uid}


The autofs setup looks like this:

---------------------------------------------------------

[root at kact-adm-001 log]# ipa automountmap-find
Location: default
------------------------
3 automount maps matched
------------------------
   Map: auto.direct

   Map: auto.home

   Map: auto.master
----------------------------
Number of entries returned 3
----------------------------
[root at kact-adm-001 log]#



[root at kact-adm-001 log]# ipa automountkey-find
Location: default
Map: auto.home
-----------------------
1 automount key matched
-----------------------
   Key: *
   Mount information: -fstype=nfs4,rw,sec=krb5,rsize=8192,wsize=8192 
kact-adm-001.kact.sblokalnet:/data/home/&
----------------------------
Number of entries returned 1
----------------------------
[root at kact-adm-001 log]#

---------------------------------------------------------

Now, the BAD thing is, trying to copy a large file to the automounted 
dir on the client just hangs:

[tba at pc588 images]$ scp NAS4Free-x64-LiveUSB-10.3.0.3.2987.img.gz 
tba-sb at kact-man-001.kact.sblokalnet:.
tba-sb at kact-man-001.kact.sblokalnet's password:
NAS4Free-x64-LiveUSB-10.3.0.3.2987.img.gz 
                                            100%  281MB  93.6MB/s 
00:03
[hangs]

And my logged in session on the client hangs if I try to do ls in my 
homedir:
[tba at pc588 ~]$ ssh tba-sb at kact-man-001.kact.sblokalnet
tba-sb at kact-man-001.kact.sblokalnet's password:
Last login: Tue Nov 15 13:07:12 2016 from pc588.sb.statsbiblioteket.dk
-sh-4.2$
-sh-4.2$
-sh-4.2$ pwd
/home/tba-sb
-sh-4.2$ hostname
kact-man-001
-sh-4.2$
-sh-4.2$ ls
[hangs]


And I see a huge amount of the GSS failures in the messages file on the 
client.


Any suggestions?

TIA




-- 
Best regards,

Tony Albers
Systems administrator, IT-development
State and University Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316

More information about the Freeipa-users mailing list