Bug ID 956558
Summary Base:System/nfs-utils: Bug GSS is disabled in config, but see rpc-svcgssd.service ERROR ( GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE) on boot
Classification openSUSE
Product openSUSE.org
Version unspecified
Hardware x86-64
OS openSUSE 42.1
Status NEW
Severity Normal
Priority P5 - None
Component 3rd party software
Assignee neilb@suse.com
Reporter 9b3e05a5@opayq.com
QA Contact opensuse-communityscreening@forge.provo.novell.com
Found By ---
Blocker --- 

I'm running Opensuse Leap 42.1 server.

nfs-kernel-server is installed & running

    systemctl status nfs-server
        nfs-server.service - NFS server and services
           Loaded: loaded (/usr/lib/systemd/system/nfs-server.service;
disabled)
          Drop-In: /usr/lib/systemd/system/nfs-server.service.d
                   ������nfsserver.conf
           Active: active (exited) since Tue 2015-11-24 14:11:42 PST; 3h 49min
ago
         Main PID: 2098 (code=exited, status=0/SUCCESS)
           CGroup: /system.slice/nfs-server.service
    rpm -q --whatprovides /usr/lib/systemd/system/nfs-server.service
        nfs-kernel-server-1.3.0-9.1.x86_64

The default status of RPC services is

    systemctl list-unit-files | grep -i rpc
        var-lib-nfs-rpc_pipefs.mount            static  
        auth-rpcgss-module.service              static  
        rpc-gssd.service                        static  
        rpc-statd-notify.service                static  
        rpc-statd.service                       static  
        rpc-svcgssd.service                     static  
        rpcbind.service                         enabled 
        rpcbind.socket                          enabled 
        rpcbind.target                          static  

NFS is configured to disable GSS (no krb5)

    grep -i gss /etc/sysconfig/nfs 
        NFS_SECURITY_GSS="no"
        GSSD_OPTIONS=""
        SVCGSSD_OPTIONS=""
        NFS_GSSD_AVOID_DNS="no"

but on boot, there's a rpc-svcgssd FAILure

    journalctl -xb | egrep -i "gss|rpc"
        Nov 24 14:10:27 xensvrkernel: RPC: Registered named UNIX socket
transport module.
        Nov 24 14:10:27 xensvrkernel: RPC: Registered udp transport module.
        Nov 24 14:10:27 xensvrkernel: RPC: Registered tcp transport module.
        Nov 24 14:10:27 xensvrkernel: RPC: Registered tcp NFSv4.1 backchannel
transport module.
        Nov 24 14:10:28 xensvrrpc.statd[293]: Version 1.3.0 starting
        Nov 24 14:10:28 xensvrrpc.statd[293]: Failed to open directory sm: No
such file or directory
        Nov 24 14:10:28 xensvrrpc.statd[293]: Initializing NSM state
        Nov 24 14:10:28 xensvrrpc.statd[293]: Running as root.  chown
/var/lib/nfs to choose different user
        Nov 24 14:10:37 xensvrrpcbind[289]: rpcbind terminating on signal.
Restart with "rpcbind -w"
        Nov 24 14:10:37 xensvrrpcbind[289]: cannot open file =
/var/lib/rpcbind/rpcbind.xdr for writing
        Nov 24 14:10:37 xensvrrpcbind[289]: cannot save any registration
        Nov 24 14:10:37 xensvrrpcbind[289]: cannot open file =
/var/lib/rpcbind/portmap.xdr for writing
        Nov 24 14:10:37 xensvrrpcbind[289]: cannot save any registration
>>>		Nov 24 14:10:39 xensvrsystemd[1]: Cannot add dependency job for unit gssproxy.service, ignoring: Unit gssproxy.service failed to load: No such file or directory.
        Nov 24 14:10:39 xensvrsystemd[1]: Starting Kernel Module supporting
RPCSEC_GSS...
        Nov 24 14:10:39 xensvrsystemd[1]: Starting RPCbind Server Activation
Socket.
        Nov 24 14:10:39 xensvrsystemd[1]: Listening on RPCbind Server
Activation Socket.
        Nov 24 14:10:39 xensvrsystemd[1]: Starting RPC Port Mapper.
        Nov 24 14:10:39 xensvrsystemd[1]: Reached target RPC Port Mapper.
        Nov 24 14:10:39 xensvrsystemd[1]: Started Kernel Module supporting
RPCSEC_GSS.
        Nov 24 14:10:43 xensvrsystemd[1]: Mounting RPC Pipe File System...
        Nov 24 14:10:43 xensvrsystemd[1]: Starting RPC Bind...
        Nov 24 14:10:43 xensvrsystemd[1]: Mounted RPC Pipe File System.
        Nov 24 14:10:44 xensvrsystemd[1]: Started RPC Bind.
        Nov 24 14:11:33 xensvrsystemd[1]: Starting RPC security service for NFS
client and server...
        Nov 24 14:11:33 xensvrsystemd[1]: Starting RPC security service for NFS
server...
        Nov 24 14:11:33 xensvrsystemd[1]: Started RPC security service for NFS
client and server.
        Nov 24 14:11:33 xensvrsystemd[1]: rpc-svcgssd.service: control process
exited, code=exited status=1
        Nov 24 14:11:33 xensvrsystemd[1]: Failed to start RPC security service
for NFS server.
        Nov 24 14:11:33 xensvrsystemd[1]: Unit rpc-svcgssd.service entered
failed state.
>>>		Nov 24 14:10:45 xensvrrpc.svcgssd[1326]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure.  Minor code may provide more information) - Unsupported key table format version number
>>>		Nov 24 14:10:45 xensvrrpc.svcgssd[1326]: unable to obtain root (machine) credentials
>>>		Nov 24 14:10:45 xensvrrpc.svcgssd[1326]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
        Nov 24 14:11:41 xensvrrpc.mountd[2083]: Version 1.3.0 starting
        Nov 24 14:11:41 xensvrrpc.statd[2092]: Version 1.3.0 starting
        Nov 24 14:11:41 xensvrrpc.statd[2092]: Flags: TI-RPC
        Nov 24 14:11:50 xensvrsystemd[1]: Starting Quota RPC monitor...
        Nov 24 14:11:50 xensvrsystemd[1]: Started Quota RPC monitor.

If GSS is properly disabled (is config sufficient?), why is the service start
being attempted in the first place?  attempt/service non-start could be logged,
but should not report ERROR.

You are receiving this mail because: