gssd mounts not working

gssd mounts not working

[Richard Smits]

Hello,
We are having problems with our gssd nfs mounts. I will explain our 
situation.

Our clients are running SLED 11 SP1.
Our server is a Netapp filer with Ontap 7.3.3P4.

We provide NFS exported directory's with krb5 security.

Our KDC is a Windows 2003 and 2008 Active Directory.

If we use nfs-client-1.2.1-8.1 everything works as expected.

But if we upgrade to (any) newer client, all gssd mounts fail. Now there 
is a bugreport on Novell Bugzilla about this : 
https://bugzilla.novell.com/show_bug.cgi?id=614293#c7

Apperantly if the nfs client is compiled with --disable-tirpc , the 
ticket size from the AD is to big ?

On our Redhat server we do not have these problems. There we are running 
: nfs-utils-1.2.2-7

Is there an explanation for these problems ? How can i find out if a 
client has been compiled with specific options. There is no nfs devel 
package for suse.

Greetings .. Richard Smits

Re: gssd mounts not working

[Steve Dickson]

On 04/21/2011 02:58 AM, Richard Smits wrote:
> Hello,
> We are having problems with our gssd nfs mounts. I will explain our situation.
> 
> Our clients are running SLED 11 SP1.
> Our server is a Netapp filer with Ontap 7.3.3P4.
> 
> We provide NFS exported directory's with krb5 security.
> 
> Our KDC is a Windows 2003 and 2008 Active Directory.
> 
> If we use nfs-client-1.2.1-8.1 everything works as expected.
> 
> But if we upgrade to (any) newer client, all gssd mounts fail. Now there is a bugreport on Novell Bugzilla about this : https://bugzilla.novell.com/show_bug.cgi?id=614293#c7
> 
> Apperantly if the nfs client is compiled with --disable-tirpc , the ticket size from the AD is to big ?
Yes this problem was fixed in libitrpc with:

commit 599511589ca7ddb3b2eac8d3aa5b0b38be7a7691
Author: Jeff Layton <jlayton@redhat.com>
Date:   Fri Mar 5 14:27:13 2010 -0500

    libtirpc: allow larger ticket sizes with RPCSEC_GSS


> On our Redhat server we do not have these problems. There we are running : nfs-utils-1.2.2-7
> 
> Is there an explanation for these problems ? How can i find out if a client has been compiled with specific options. There is no nfs devel package for suse.
Good question... I don't think there is way to was to tell how each
binary has been compiled... but doing a ldd `which rpc.gssd` will show
which shared libraries will be used.. If libtirpc.so.1 does not show up 
in that list the you know the rpc.gssd was compile with --disable-tirpc

steved.

Re: gssd mounts not working

[Luk Claes]

On 04/23/2011 02:16 PM, Steve Dickson wrote:
> 
> 
> On 04/21/2011 02:58 AM, Richard Smits wrote:
>> Hello,
>> We are having problems with our gssd nfs mounts. I will explain our situation.
>>
>> Our clients are running SLED 11 SP1.
>> Our server is a Netapp filer with Ontap 7.3.3P4.
>>
>> We provide NFS exported directory's with krb5 security.
>>
>> Our KDC is a Windows 2003 and 2008 Active Directory.
>>
>> If we use nfs-client-1.2.1-8.1 everything works as expected.
>>
>> But if we upgrade to (any) newer client, all gssd mounts fail. Now there is a bugreport on Novell Bugzilla about this : https://bugzilla.novell.com/show_bug.cgi?id=614293#c7
>>
>> Apperantly if the nfs client is compiled with --disable-tirpc , the ticket size from the AD is to big ?
> Yes this problem was fixed in libitrpc with:
> 
> commit 599511589ca7ddb3b2eac8d3aa5b0b38be7a7691
> Author: Jeff Layton <jlayton@redhat.com>
> Date:   Fri Mar 5 14:27:13 2010 -0500
> 
>     libtirpc: allow larger ticket sizes with RPCSEC_GSS

When will 0.2.2 be released?

Cheers

Luk

Re: gssd mounts not working

[Steve Dickson]

On 04/23/2011 01:00 PM, Luk Claes wrote:
> On 04/23/2011 02:16 PM, Steve Dickson wrote:
>>
>>
>> On 04/21/2011 02:58 AM, Richard Smits wrote:
>>> Hello,
>>> We are having problems with our gssd nfs mounts. I will explain our situation.
>>>
>>> Our clients are running SLED 11 SP1.
>>> Our server is a Netapp filer with Ontap 7.3.3P4.
>>>
>>> We provide NFS exported directory's with krb5 security.
>>>
>>> Our KDC is a Windows 2003 and 2008 Active Directory.
>>>
>>> If we use nfs-client-1.2.1-8.1 everything works as expected.
>>>
>>> But if we upgrade to (any) newer client, all gssd mounts fail. Now there is a bugreport on Novell Bugzilla about this : https://bugzilla.novell.com/show_bug.cgi?id=614293#c7
>>>
>>> Apperantly if the nfs client is compiled with --disable-tirpc , the ticket size from the AD is to big ?
>> Yes this problem was fixed in libitrpc with:
>>
>> commit 599511589ca7ddb3b2eac8d3aa5b0b38be7a7691
>> Author: Jeff Layton <jlayton@redhat.com>
>> Date:   Fri Mar 5 14:27:13 2010 -0500
>>
>>     libtirpc: allow larger ticket sizes with RPCSEC_GSS
> 
> When will 0.2.2 be released?
I'll try to get it out sometime next week...

steved.