From: John Haiducek <jhaiduce@gmail.com>
To: linux-nfs@vger.kernel.org
Subject: Re: Can't mount NFSv4 with kerberos on Debian Wheezy
Date: Thu, 13 Jun 2013 23:57:16 -0600 [thread overview]
Message-ID: <51BAB0BC.1010303@gmail.com> (raw)
In-Reply-To: <51BAAFFC.6060208@gmail.com>
I'm able to use NFSv4 just fine using AUTH_SYS, but when I turn on
sec=krb5 I can't mount at all. I'm using Debian Wheezy.
I'm able to use Kerberos just fine for other things (like ssh), and
forward and reverse DNS appears to be working correctly per the host
command. However, the NFS mount command fails differently when I add my
host's IP address to /etc/hosts (the same host is both client and
server). Specifically, when the address is in /etc/hosts the NFS server
fails immediately with a "permission denied" error, while if the address
is not present in /etc/hosts the mount command hangs forever and never
returns. This makes it seem like mount.nfs or rpc.gssd can't find the
host in DNS even though other programs can. How can this be?
In /var/log/syslog I see this:
|Jun 11 20:28:12 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:12 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:12 tbm rpc.gssd[8959]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clntd
Jun 11 20:28:12 tbm rpc.idmapd[8954]: Stale client: d
Jun 11 20:28:12 tbm rpc.idmapd[8954]: #011-> closed /var/lib/nfs/rpc_pipefs/nfs/clntd/idmap
Jun 11 20:28:12 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:12 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:12 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:12 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:12 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:12 tbm rpc.gssd[8959]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clntc
Jun 11 20:28:12 tbm rpc.idmapd[8954]: Stale client: c
Jun 11 20:28:12 tbm rpc.idmapd[8954]: #011-> closed /var/lib/nfs/rpc_pipefs/nfs/clntc/idmap
Jun 11 20:28:13 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:13 tbm rpc.idmapd[8954]: New client: e
Jun 11 20:28:13 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:13 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e4570 data 0x7fffbc4e4440
Jun 11 20:28:13 tbm rpc.idmapd[8954]: Opened /var/lib/nfs/rpc_pipefs/nfs/clnte/idmap
Jun 11 20:28:13 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e4570 data 0x7fffbc4e4440
Jun 11 20:28:13 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:13 tbm rpc.idmapd[8954]: New client: f
Jun 11 20:28:13 tbm rpc.gssd[8959]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnte)
Jun 11 20:28:13 tbm rpc.gssd[8959]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
Jun 11 20:28:13 tbm rpc.gssd[8959]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnte)
Jun 11 20:28:13 tbm rpc.gssd[8959]: process_krb5_upcall: service is '<null>'
Jun 11 20:28:23 tbm rpc.gssd[8959]: Name or service not known while getting full hostname for 'tbm.enterprise.local'
Jun
11 20:28:23 tbm rpc.gssd[8959]: ERROR:
gssd_refresh_krb5_machine_credential: no usable keytab entry found in
keytab /etc/krb5.keytab for connection with host tbm.enterprise.local
Jun 11 20:28:23 tbm rpc.gssd[8959]: ERROR: No credentials found for connection to server tbm.enterprise.local
Jun 11 20:28:23 tbm rpc.gssd[8959]: doing error downcall
Jun 11 20:28:23 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:23 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:23 tbm rpc.idmapd[8954]: Stale client: f
Jun 11 20:28:23 tbm rpc.idmapd[8954]: #011-> closed /var/lib/nfs/rpc_pipefs/nfs/clntf/idmap
Jun 11 20:28:23 tbm rpc.gssd[8959]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clntf
Jun 11 20:28:23 tbm rpc.idmapd[8954]: Stale client: e
Jun 11 20:28:23 tbm rpc.idmapd[8954]: #011-> closed /var/lib/nfs/rpc_pipefs/nfs/clnte/idmap
Jun 11 20:28:23 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:23 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:23 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:23 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:23 tbm rpc.gssd[8959]: dir_notify_handler: sig 37 si 0x7fffbc4e9570 data 0x7fffbc4e9440
Jun 11 20:28:23 tbm rpc.gssd[8959]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnte|
Can anyone point me in the right direction for getting this working?
John Haiducek
next parent reply other threads:[~2013-06-14 5:57 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <51BAAFFC.6060208@gmail.com>
2013-06-14 5:57 ` John Haiducek [this message]
2013-06-14 17:05 ` Can't mount NFSv4 with kerberos on Debian Wheezy Chuck Lever
[not found] ` <CAFYD6QXVKpLDS_cWiA2uasu+KXazcRuk-+BX39MdehSwiu35gw@mail.gmail.com>
[not found] ` <871BEFF7-33F4-4B34-9887-D5388951987E@oracle.com>
2013-06-15 15:24 ` John Haiducek
2013-06-15 16:27 ` Chuck Lever
2013-06-15 16:28 ` John Haiducek
2013-06-15 16:31 ` Chuck Lever
2013-06-15 16:38 ` John Haiducek
2013-06-17 14:23 ` Chuck Lever
[not found] <51BF2014.2050809@gmail.com>
2013-06-17 14:42 ` John Haiducek
[not found] <51BF21E0.8060805@gmail.com>
2013-06-17 14:58 ` John Haiducek
2013-06-17 15:30 ` Chuck Lever
[not found] ` <51BFBA5A.5050104@gmail.com>
[not found] ` <8565C805-9C6C-4C06-83C0-8574EA90DA53@oracle.com>
[not found] ` <51C0AB95.9060509@gmail.com>
[not found] ` <EB30924A-D9F1-49C5-A727-DF8B4B2AFDAC@oracle.com>
[not found] ` <CAFYD6QXKcNkAgmJV5KyMOpx-cXg35GnYzBg9mg+LFdW83NyQZQ@mail.gmail.com>
[not found] ` <A2112E2B-FA65-4FF2-BC21-B78BBDC75CB1@oracle.com>
2013-06-27 6:31 ` John Haiducek
2013-06-27 7:41 ` Sven Geggus
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51BAB0BC.1010303@gmail.com \
--to=jhaiduce@gmail.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).