[33391] in Kerberos
Re: NFS - Kerberos - Ubuntu
daemon@ATHENA.MIT.EDU (Kevin Coffman)
Mon May 16 17:11:34 2011
MIME-Version: 1.0
In-Reply-To: <loom.20110515T183618-598@post.gmane.org>
Date: Mon, 16 May 2011 17:11:28 -0400
Message-ID: <BANLkTikaSSBX2HZWjmubjGxjg3rLqgipEA@mail.gmail.com>
From: Kevin Coffman <kwc@umich.edu>
To: Sascha <mlist@xtc4nrg.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="iso-8859-1"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
I'm sure this is better asked on an NFS or Linux list, rather than Kerberos.
Check to see if all the required kernel modules are loaded.
(rpcsec_gss_krb5 in particular)
K.C.
On Sun, May 15, 2011 at 1:15 PM, Sascha <mlist@xtc4nrg.com> wrote:
> Hi,
> I am using Ubuntu 11.04 with threes KVM and three virtual servers in it. One
> forDNS/DHCP (probably not relevant for this topic), one with kerberos and ldap
> named authenticate) and one with NFS (named file). And a client, also running
> Ubuntu 11.04, named blacklin.
>
> Ldap and Kerberos are probably working as intended, as I can login to the
> client with the credentials specified in LDAP and kerberos.
> However, when I am trying to mount the NFS shares on the client I get an error
> message:
> mount.nfs4: access denied by server while mounting file:/
>
> Disabling the kerberos authentication in export the shares can be mounted
> successfully. So I am assuming that it is an issue between NFS and Kerberos.
>
> Saying that, I have made some trouble shooting.
> Running rpc.svcgssd -f -vvvv on the NFS server while doing a mount on the
> client is showing the following:
>
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com@XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now), clnt:
> nfs@blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x6080... DELETED ALL THE HEX FOR BETTER READBILITY ... 772
> finished handling null request
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com@XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now),clnt:
> nfs@blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x602... DELETED ALL THE HEX FOR BETTER READBILITY ... 012
> finished handling null request
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com@XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt:
> nfs@blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x6082021b... DELETED ALL THE HEX FOR BETTER READBILITY ...
> 9eab8
> finished handling null request
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com@XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt:
> nfs@blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x6082021... DELETED ALL THE HEX FOR BETTER READBILITY ...
> 85987
> finished handling null request
>
> =========================================
>
> Looking at the error message:
> qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
>
> I have googled around and found that a similar error was discussed in this
> mailing list, but unfortunately it did not solve my issue.
>
> Please let me know if you need to know some specific settings or if you want me
> to check any settings.
>
> Any hint in troubleshooting this issue is highly appreciated.
>
> Thanks,
> Sascha
>
>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
