From: yagi shinnosuke <linus404@gmail.com>
To: linux-nfs@vger.kernel.org
Subject: Failed to create machine krb5 context with any credentials cache for server
Date: Fri, 18 Jun 2010 07:27:18 +0900
Message-ID: <AANLkTilsxbQrLAEwypOGgL72ePRNM7v5lm4H56HtrhGR@mail.gmail.com>
Hello.
I have been trying to set up a kerberized NFSv3 server and clients over an IPv6
network, but have run into a few problems.
When I try to mount an NFS share, an error "permission denied." occurred and
the mount failed.
My server is FreeBSD8. My client is Fedora 13.
Without Kerberos, I can mount the NFS share.
The output of the mount command is as follows:
=============================================================================================
# mount -t nfs nfsserv.localdomain:/export/work /mnt/nfs/ -o sec=krb5,vers=3 -v
mount.nfs: timeout set for Tue Jun 15 10:54:11 2010
mount.nfs: trying text-based options 'sec=krb5,vers=3,addr=2002:192:168:1:217:a4ff:fe20:e5f0'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 2001:XXXX::a4ff:fe20:e5f0 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 2001:XXXX::a4ff:fe20:e5f0 prog 100005 vers 3 prot UDP port 818
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting nfsserv.localdomain:/export/work
==============================================================================================
"nfsserv" is the hostname of the NFS server and 2001:XXXX::a4ff:fe20:e5f0 is
its IPv6 address.
I ran rpc.gssd with the -vvvvv option, and I got the following warnings.
==============================================================================================
creating context with server nfs-m9Topm0561QB9AHHLWeGtNQXobZC6xk2@public.gmane.org
WARNING: Failed to create krb5 context for user with uid 0 for server nfsserv.localdomain
WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_NWBOOT for server nfsserv.localdomain
WARNING: Failed to create machine krb5 context with any credentials cache for server nfsserv.localdomain
doing error downcall
==============================================================================================
It seems that rpc.gssd could not create credentials for nfsserver.
However, I ran kinit correctly on the client.
My kinit and klist results are as follows.
==============================================================================================
[root@fedoravm]# kinit root
Password for root@NWBOOT:
[root@fedoravm]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: root@NWBOOT
Valid starting     Expires            Service principal
06/15/10 16:53:22  06/16/10 16:53:15  krbtgt/NWBOOT@NWBOOT
        renew until 06/22/10 16:53:15
==============================================================================================
I read the following page and added a root keytab to the client, but nothing changed.
http://www.mail-archive.com/linux-nfs@vger.kernel.org/msg01360.html
My Client Keytab:
==============================================================================================
[root@fedoravm]# ktutil
ktutil: rkt /etc/krb5.keytab
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    1 nfs/fedoravm.localdomain@NWBOOT (DES cbc mode with CRC-32)
   2    1 root/fedoravm.localdomain@NWBOOT (DES cbc mode with CRC-32)
   3    1 host/fedoravm.localdomain@NWBOOT (DES cbc mode with CRC-32)
==============================================================================================
My Server Keytab:
==============================================================================================
nfsserv# ktutil list
FILE:/etc/krb5.keytab:
Vno Type Principal
1 des-cbc-crc nfs/nfsserv.localdomain@NWBOOT
1 des-cbc-crc root/nfsserv.localdomain@NWBOOT
1 des-cbc-crc host/nfsserv.localdomain@NWBOOT
==============================================================================================
I have surveyed web pages but found nothing about Kerberized NFS over IPv6.
I'm not sure whether it works or not.
Does rpc.gssd work in an IPv6 environment?
Can anybody give me any hints or suggestions?
Thanks.