Bug ID | 956558 |
---|---|
Summary | Base:System/nfs-utils: Bug GSS is disabled in config, but see rpc-svcgssd.service ERROR ( GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE) on boot |
Classification | openSUSE |
Product | openSUSE.org |
Version | unspecified |
Hardware | x86-64 |
OS | openSUSE 42.1 |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | 3rd party software |
Assignee | neilb@suse.com |
Reporter | 9b3e05a5@opayq.com |
QA Contact | opensuse-communityscreening@forge.provo.novell.com |
Found By | --- |
Blocker | --- |
I'm running Opensuse Leap 42.1 server. nfs-kernel-server is installed & running systemctl status nfs-server nfs-server.service - NFS server and services Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled) Drop-In: /usr/lib/systemd/system/nfs-server.service.d ������nfsserver.conf Active: active (exited) since Tue 2015-11-24 14:11:42 PST; 3h 49min ago Main PID: 2098 (code=exited, status=0/SUCCESS) CGroup: /system.slice/nfs-server.service rpm -q --whatprovides /usr/lib/systemd/system/nfs-server.service nfs-kernel-server-1.3.0-9.1.x86_64 The default status of RPC services is systemctl list-unit-files | grep -i rpc var-lib-nfs-rpc_pipefs.mount static auth-rpcgss-module.service static rpc-gssd.service static rpc-statd-notify.service static rpc-statd.service static rpc-svcgssd.service static rpcbind.service enabled rpcbind.socket enabled rpcbind.target static NFS is configured to disable GSS (no krb5) grep -i gss /etc/sysconfig/nfs NFS_SECURITY_GSS="no" GSSD_OPTIONS="" SVCGSSD_OPTIONS="" NFS_GSSD_AVOID_DNS="no" but on boot, there's a rpc-svcgssd FAILure journalctl -xb | egrep -i "gss|rpc" Nov 24 14:10:27 xensvrkernel: RPC: Registered named UNIX socket transport module. Nov 24 14:10:27 xensvrkernel: RPC: Registered udp transport module. Nov 24 14:10:27 xensvrkernel: RPC: Registered tcp transport module. Nov 24 14:10:27 xensvrkernel: RPC: Registered tcp NFSv4.1 backchannel transport module. Nov 24 14:10:28 xensvrrpc.statd[293]: Version 1.3.0 starting Nov 24 14:10:28 xensvrrpc.statd[293]: Failed to open directory sm: No such file or directory Nov 24 14:10:28 xensvrrpc.statd[293]: Initializing NSM state Nov 24 14:10:28 xensvrrpc.statd[293]: Running as root. chown /var/lib/nfs to choose different user Nov 24 14:10:37 xensvrrpcbind[289]: rpcbind terminating on signal. Restart with "rpcbind -w" Nov 24 14:10:37 xensvrrpcbind[289]: cannot open file = /var/lib/rpcbind/rpcbind.xdr for writing Nov 24 14:10:37 xensvrrpcbind[289]: cannot save any registration Nov 24 14:10:37 xensvrrpcbind[289]: cannot open file = /var/lib/rpcbind/portmap.xdr for writing Nov 24 14:10:37 xensvrrpcbind[289]: cannot save any registration >>> Nov 24 14:10:39 xensvrsystemd[1]: Cannot add dependency job for unit gssproxy.service, ignoring: Unit gssproxy.service failed to load: No such file or directory. Nov 24 14:10:39 xensvrsystemd[1]: Starting Kernel Module supporting RPCSEC_GSS... Nov 24 14:10:39 xensvrsystemd[1]: Starting RPCbind Server Activation Socket. Nov 24 14:10:39 xensvrsystemd[1]: Listening on RPCbind Server Activation Socket. Nov 24 14:10:39 xensvrsystemd[1]: Starting RPC Port Mapper. Nov 24 14:10:39 xensvrsystemd[1]: Reached target RPC Port Mapper. Nov 24 14:10:39 xensvrsystemd[1]: Started Kernel Module supporting RPCSEC_GSS. Nov 24 14:10:43 xensvrsystemd[1]: Mounting RPC Pipe File System... Nov 24 14:10:43 xensvrsystemd[1]: Starting RPC Bind... Nov 24 14:10:43 xensvrsystemd[1]: Mounted RPC Pipe File System. Nov 24 14:10:44 xensvrsystemd[1]: Started RPC Bind. Nov 24 14:11:33 xensvrsystemd[1]: Starting RPC security service for NFS client and server... Nov 24 14:11:33 xensvrsystemd[1]: Starting RPC security service for NFS server... Nov 24 14:11:33 xensvrsystemd[1]: Started RPC security service for NFS client and server. Nov 24 14:11:33 xensvrsystemd[1]: rpc-svcgssd.service: control process exited, code=exited status=1 Nov 24 14:11:33 xensvrsystemd[1]: Failed to start RPC security service for NFS server. Nov 24 14:11:33 xensvrsystemd[1]: Unit rpc-svcgssd.service entered failed state. >>> Nov 24 14:10:45 xensvrrpc.svcgssd[1326]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - Unsupported key table format version number >>> Nov 24 14:10:45 xensvrrpc.svcgssd[1326]: unable to obtain root (machine) credentials >>> Nov 24 14:10:45 xensvrrpc.svcgssd[1326]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab? Nov 24 14:11:41 xensvrrpc.mountd[2083]: Version 1.3.0 starting Nov 24 14:11:41 xensvrrpc.statd[2092]: Version 1.3.0 starting Nov 24 14:11:41 xensvrrpc.statd[2092]: Flags: TI-RPC Nov 24 14:11:50 xensvrsystemd[1]: Starting Quota RPC monitor... Nov 24 14:11:50 xensvrsystemd[1]: Started Quota RPC monitor. If GSS is properly disabled (is config sufficient?), why is the service start being attempted in the first place? attempt/service non-start could be logged, but should not report ERROR.