From: "Brian J. Murrell" <brian@interlinx.bc.ca>
To: linux-nfs@vger.kernel.org
Subject: different kernels mean NFS4/GSSAPI works or doesn't
Date: Tue, 22 Mar 2011 19:27:17 -0400 [thread overview]
Message-ID: <imbb8m$uiv$1@dough.gmane.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 2161 bytes --]
I was hoping I could bring a kernel.org ticket that I filed to your
attention in the hopes that somebody might have an epiphany.
https://bugzilla.kernel.org/show_bug.cgi?id=31442
This is a strange problem where simply booting to a different kernel,
even within the same release stream (2.6.32) can result in an NFS server
that doesn't seem to want to respond to GSSAPI mount requests.
I was working with Trond on it and it got as far as my reporting what
rpc.gssd is doing when a failed (blocked in fact) mount request happens:
pc# rpc.gssd with the -f -vvv
beginning poll
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6e1)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6e1)
process_krb5_upcall: service is '<null>'
Full hostname for 'linux.example.com' is 'linux.example.com'
Full hostname for 'pc' is 'pc'
Key table entry not found while getting keytab entry for 'root/pc@ILINX'
Key table entry not found while getting keytab entry for 'nfs/pc@ILINX'
Key table entry not found while getting keytab entry for 'host/pc@ILINX'
Success getting keytab entry for nfs/*@ILINX
WARNING: Key table entry not found while getting initial ticket for
principal
'nfs/pc.example.com@ILINX' using keytab 'WRFILE:/etc/krb5.keytab'
ERROR: No credentials found for connection to server linux.example.com
doing error downcall
destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6e1
destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6e0
destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6df
destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6e4
destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6e3
pc$ sudo mount -t nfs4 -o sec=krb5 linux:/tmp /mnt/tmp
mount.nfs4: access denied by server while mounting linux:/tmp
Now granted, this isn't a block/hang on the mount, but this was also
after having removed 3des entries from my keytabs. I wasn't getting
access denied before removing the 3des keytab entries but was getting
blocked mount.nfs4 commands on the client.
More gory details are in the ticket.
Any next debugging steps?
Cheers,
b.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 262 bytes --]
next reply other threads:[~2011-03-22 23:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-22 23:27 Brian J. Murrell [this message]
2011-03-23 2:41 ` different kernels mean NFS4/GSSAPI works or doesn't Kevin Coffman
2011-03-23 11:03 ` Brian J. Murrell
2011-03-23 14:29 ` Kevin Coffman
[not found] ` <AANLkTi=b1z0MrYYQmidbra0EHanegcLO5qoOScLq21rb-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2011-03-23 15:07 ` Brian J. Murrell
2011-03-23 17:07 ` Trond Myklebust
2011-03-27 0:07 ` Brian J. Murrell
[not found] ` <1300900035.11677.12.camel-SyLVLa/KEI9HwK5hSS5vWB2eb7JE58TQ@public.gmane.org>
2011-03-27 12:42 ` Brian J. Murrell
2011-03-30 12:09 ` Brian J. Murrell
2011-04-01 13:02 ` Brian J. Murrell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='imbb8m$uiv$1@dough.gmane.org' \
--to=brian@interlinx.bc.ca \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).