From: Michael Guntsche <mike@it-loops.com>
To: "Finney, Sean" <Sean.Finney@sonyericsson.com>
Cc: "vovan@vovan.nl" <vovan@vovan.nl>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: [BUG] sec=krb5 mount problem with nfs-utils 1.2.3 on client side
Date: Fri, 15 Apr 2011 12:16:43 +0200 [thread overview]
Message-ID: <20110415120934@it-loops.com> (raw)
In-Reply-To: <A50602A820F61543B29992A418BB321B66E18F8A71@seldmbx01.corpusers.net>
On 15 Apr 11 08:01, Finney, Sean wrote:
> Hi guys,
>
> On Fri, 2011-04-15 at 06:02 +0200, Vladimir Elisseev wrote:
> > Michael,
> >
> > I've posted an email with the same question here a few weeks ago, but I
> > haven't been able to investigate what the problem is. The only
> > difference in my setup, that servers have kernel 2.6.36 the rest is
> > exactly the same and exactly the same error. See thread with the subject
> > "rpc.svcgssd problem after updating client 1.2.2->1.2.3".
>
> I think the problem here is the same one we were experiencing, with
> large group memberships causing invalid writes to the procfs rpc channel
> files. If you strace rpc.svcgssd (or rpc.mountd, you should see it
> there too I think), you should see the write() calls being split into
> multiple 1024-byte sized writes, each of which get EINVAL (or -EINVAL, I
> forget) returned.
<snip>
Thank you for the information, but I got it working in the meantime.
The main problem still is that the code for some reason tries to use AES
although I tried specifying a different enctype in my kerberos config.
Nevertheless it should just work with AES as well, so where was the
problem?
Quite simple....missing kernel support. I enabled AES support but I DID
NOT enable CTS support which is of course needed as well. So after
compiling the server and client kernels with BOTH AES and CTS support I
can no mount the NFS4 export without any issues.
I still think the error message could be a little bit more
verbose/meaningful like "Missing kernel support for X" instead of a
rather cryptic message.
Once again, sorry for the noise and I'll keep testing this setup now
more often so this hopefully does not happen again.
Kind regards,
Michael Guntsche
next prev parent reply other threads:[~2011-04-15 10:16 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-14 23:20 [BUG] sec=krb5 mount problem with nfs-utils 1.2.3 on client side Michael Guntsche
2011-04-15 4:02 ` Vladimir Elisseev
2011-04-15 6:01 ` Finney, Sean
2011-04-15 7:15 ` Vladimir Elisseev
2011-04-15 7:29 ` Finney, Sean
2011-04-15 10:16 ` Michael Guntsche [this message]
2011-04-15 13:29 ` Trond Myklebust
2011-04-15 13:31 ` Trond Myklebust
2011-04-15 14:21 ` Kevin Coffman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110415120934@it-loops.com \
--to=mike@it-loops.com \
--cc=Sean.Finney@sonyericsson.com \
--cc=linux-nfs@vger.kernel.org \
--cc=vovan@vovan.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).