From: Suresh Jayaram <sureshjayaram@gmail.com>
To: mehta kiran <kiranmehta1981@yahoo.com>
Cc: Kevin Coffman <kwc@citi.umich.edu>, nfs@lists.sourceforge.net
Subject: Re: problem mounting using NFSv4 when using -o sec=krb5 option
Date: Thu, 17 Mar 2005 19:17:26 +0530
Message-ID: <38c3c4860503170547ed9e1fc@mail.gmail.com>
In-Reply-To: <20050317125653.70513.qmail@web51608.mail.yahoo.com>

Hi Kiran,

Run rpc.gssd in verbose mode as well.

>>RPC: AUTH_GSS upcall timed out.

This means rpc.gssd is not running.
Check gssapi_mech.conf on the client machine also.
Those warning messages you can ignore.
Update your libgssapi and librpcsecgss packages (libgssapi-0.2 and
librpcsecgss-0.4).

HTH
Suresh

On Thu, 17 Mar 2005 04:56:53 -0800 (PST), mehta kiran
<kiranmehta1981@yahoo.com> wrote:
> One more thing.
>
> On the machine running the kdc, the entry for vcslinux5 is with kvno 3,
> while the entry for vcslinux5 on vcslinux5 is with kvno 2. Is this
> making a difference?
>
> thanks,
> --kiran
>
> --- Suresh Jayaram <sureshjayaram@gmail.com> wrote:
>
> > Hi Kiran,
> >
> > Try running rpc.gssd -f -vvv (really verbose and foreground) and
> > rpc.svcgssd -vvv -f and see why it is failing. I had similar problems
> > with NFSv4 before updating all my packages (currently available on the
> > CITI website).
> >
> > Possibly the path of libgssapi_krb5.so may not be proper. Check your
> > /etc/gssapi_mech.conf
> >
> > Basically, after installation of all packages, you need to create 2
> > principals in the kdc server, one for the server and one for the client,
> > and extract them appropriately.
> > Make sure all three machines are in time sync and that their hostnames
> > are resolvable. Run rpc.mountd, rpc.idmapd, rpc.svcgssd and rpc.nfsd on
> > the server and rpc.idmapd and rpc.gssd on the client.
> >
> > HTH
> > Suresh
> >
> > On Thu, 17 Mar 2005 03:59:52 -0800 (PST), mehta kiran
> > <kiranmehta1981@yahoo.com> wrote:
> > > Hi Kevin,
> > > I am using RHEL4 GA.
> > > kernel : 2.6.9-5.EL
> > > nfs-utils : nfs-utils-1.0.6-46
> > >
> > > As per what you told, I have added entries on both
> > > client and server.
> > >
> > > *client:vcslinux6#klist -k /etc/krb5.keytab
> > > 2 nfs/vcslinux6.vxindia.veritas.com@VXINDIA.VERITAS.COM
> > >
> > > *server:vcslinux5#klist -k /etc/krb5.keytab
> > > 2 nfs/vcslinux5.vxindia.veritas.com@VXINDIA.VERITAS.COM
> > >
> > > *kdc:vcslinux1#klist -k /etc/krb5.keytab
> > > 2 root/admin@VXINDIA.VERITAS.COM
> > > 2 nfs/vcslinux1.vxindia.veritas.com@VXINDIA.VERITAS.COM
> > > 3 nfs/vcslinux5.vxindia.veritas.com@VXINDIA.VERITAS.COM
> > > 2 nfs/vcslinux6.vxindia.veritas.com@VXINDIA.VERITAS.COM
> > >
> > > I inserted rpcsec_gss_krb5 module on all machines.
> > > Started krb5kdc and kadmind.
> > > Started all nfs daemons, rpc.svcgssd, rpc.idmapd on
> > > server and exported filesystem with proper options.
> > >
> > > Started rpc.idmapd on client (vcslinux6).
> > > But when I run #rpc.gssd -m -v -f
> > > Mar 17 11:13:03 vcslinux6 kernel: RPC: AUTH_GSS upcall timed out.
> > > Mar 17 11:13:03 vcslinux6 kernel: Please check user daemon is running!
> > >
> > > in log file:
> > > Using keytab file '/etc/krb5.keytab'
> > > WARNING: Decrypt integrity check failed while getting initial ticket for principal 'nfs/vcslinux6.vxindia.veritas.com@VXINDIA.VERITAS.COM' from keytab 'FILE:/etc/krb5.keytab'
> > > ERROR: No usable machine credentials obtained
> > > processing client list
> > >
> > > -------
> > > Then I tried making kvno for vcslinux5 (on kdc) = 2.
> > > I could not.
> > > [root@vcslinux1 ~]# kadmin
> > > Authenticating as principal root/admin@VXINDIA.VERITAS.COM with password.
> > > Password for root/admin@VXINDIA.VERITAS.COM:
> > > kadmin: modprinc -kvno 2 nfs/vcslinux5.vxindia.veritas.com
> > > Principal "nfs/vcslinux5.vxindia.veritas.com@VXINDIA.VERITAS.COM" modified.
> > > kadmin: ktadd -e des-cbc-crc:normal -k /tmp/keytab nfs/vcslinux5.vxindia.veritas.com@VXINDIA.VERITAS.COM
> > > Entry for principal nfs/vcslinux5.vxindia.veritas.com@VXINDIA.VERITAS.COM with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/tmp/keytab.
> > >
> > > Please let me know where I went wrong.
> > >
> > > --- Kevin Coffman <kwc@citi.umich.edu> wrote:
> > > > Also, "failed reading uid from krb5 upcall" and "Failed to write error
> > > > downcall" should not normally happen. What versions of kernel and
> > > > nfs-utils do you have?
> > > >
> > > > > > Error in log file on mount
> > > > > > Mar 16 14:58:43 vcslinux5 rpc.gssd[4258]: WARNING: failed reading uid from krb5 upcall pipe: Success
> > > > > > Mar 16 14:58:43 vcslinux5 rpc.gssd[4405]: WARNING: Key table entry not found while getting initial ticket for principal 'nfs/vcslinux1.vxindia.veritas.com@VXINDIA.VERITAS.COM' from keytab 'FILE:/etc/krb5.keytab'
> > > > > > Mar 16 14:58:43 vcslinux5 rpc.gssd[4405]: ERROR: No usable machine credentials obtained
> > > > > > Mar 16 14:58:43 vcslinux5 rpc.gssd[4405]: WARNING: Failed to obtain machine credentials for connection to server vcslinux1.vxindia.veritas.com
> > > > > > Mar 16 14:59:08 vcslinux5 rpc.gssd[2760]: WARNING: Failed to create krb5 context for user with uid 0 with any credentials cache for server vcslinux1.vxindia.veritas.com
> > > > > > Mar 16 14:59:08 vcslinux5 rpc.gssd[2760]: Failed to write error downcall!
> > > > > >
> > > > > > thanks,
> > > > > > --kiran
>
> === message truncated ===
--
"Good Luck is when preparation meets opportunity"
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
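
The kvno question raised in the quoted text can be checked mechanically. The following is an added example, not part of the thread: it compares the kvno of each principal in a host's `klist -k` output against a second listing taken on the KDC side and reports differences. The function names are hypothetical, the sample listings are constructed from the values quoted above, and treating the KDC-side listing as the reference is an assumption.

```sh
#!/bin/sh
# Added example (not from the thread): compare kvno values between two
# `klist -k` listings. Function names are hypothetical.

# Print "principal kvno" (highest kvno per principal) from `klist -k` output
# on stdin. Header lines are skipped because their first field is not numeric.
keytab_kvnos() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 2 {
             if (!($2 in v) || $1 + 0 > v[$2]) v[$2] = $1 + 0
         }
         END { for (p in v) print p, v[p] }' | sort
}

# kvno_mismatches HOST_LISTING REFERENCE_LISTING
# Report every principal of the host listing whose kvno differs from the
# reference listing, or which the reference listing does not contain.
kvno_mismatches() {
    host_kvnos=$(printf '%s\n' "$1" | keytab_kvnos)
    ref_kvnos=$(printf '%s\n' "$2" | keytab_kvnos)
    printf '%s\n' "$host_kvnos" | while read -r princ hv; do
        [ -n "$princ" ] || continue
        rv=$(printf '%s\n' "$ref_kvnos" | awk -v p="$princ" '$1 == p { print $2 }')
        if [ -z "$rv" ]; then
            echo "MISSING $princ host=$hv reference=none"
        elif [ "$hv" -ne "$rv" ]; then
            echo "MISMATCH $princ host=$hv reference=$rv"
        fi
    done
}

# Sample listings constructed from the values quoted in the thread.
CLIENT_KEYTAB='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------
   2 nfs/vcslinux6.vxindia.veritas.com@VXINDIA.VERITAS.COM'
SERVER_KEYTAB='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------
   2 nfs/vcslinux5.vxindia.veritas.com@VXINDIA.VERITAS.COM'
KDC_LISTING='   2 root/admin@VXINDIA.VERITAS.COM
   2 nfs/vcslinux1.vxindia.veritas.com@VXINDIA.VERITAS.COM
   3 nfs/vcslinux5.vxindia.veritas.com@VXINDIA.VERITAS.COM
   2 nfs/vcslinux6.vxindia.veritas.com@VXINDIA.VERITAS.COM'

echo "client: $(kvno_mismatches "$CLIENT_KEYTAB" "$KDC_LISTING")"
echo "server: $(kvno_mismatches "$SERVER_KEYTAB" "$KDC_LISTING")"
```

By default, `ktadd` in MIT kadmin generates a new random key for the principal and raises its kvno, so a keytab copied to a host before a later `ktadd` no longer holds the key the KDC uses.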