[Bug 406832] New: rpc.gssd not responding for nfs4 mounts with krb5 authentication

https://bugzilla.novell.com/show_bug.cgi?id=406832

           Summary: rpc.gssd not responding for nfs4 mounts with krb5 authentication
           Product: openSUSE 11.0
           Version: Final
          Platform: 32bit
        OS/Version: openSUSE 11.0
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Kernel
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: petersed@uwosh.edu
         QAContact: qa@suse.de
          Found By: ---

I have a SLES 10 SP2 server sharing out a directory via NFS4 with Kerberos 5 authentication. I cannot mount the share from OpenSUSE 11.0 normally, the rpc.gssd daemon does not answer the kernel requests even though it is running. Starting the mount, killing off rpc.gssd and restarting it makes the mount work.

I have three other clients working fine with the server (clients tested are OpenSUSE 10.3, CentOS 4, Ubuntu 04.08), all were set up exactly the same. All firewalls are disabled for this testing. All clients and the server are running in VMware ESX server. The SLES server is 64 bit, the clients are all 32 bit.

The fact that it works by killing off and restarting the daemon suggests to me that my configuration and Kerberos is set up correctly, I suspect a bug with the rpc.gssd daemon or kernel module that prevents them from communicating properly.

The export on the server looks like:

    /nfsexports gss/krb5(rw,async,fsid=0,insecure,no_subtree_check)

The procedure on the client looks like this:

    # rcSuSEfirewall2 stop
    Shutting down the Firewall done
    # rcnfs start
    Starting NFS client services: sm-notifyBackgrounding to notify hosts... gssd idmapd done
    # mount -v -t nfs4 -osec=krb5 nfs4svr.domain:/ /nfs/
    mount.nfs4: timeout set for Mon Jul 7 10:47:47 2008
    mount.nfs4: text-based options: 'sec=krb5,addr=192.168.0.169,clientaddr=192.168.0.167'
    mount.nfs4: text-based options: 'sec=krb5,addr=192.168.0.169,clientaddr=192.168.0.167' (4 times)
    mount.nfs4: Connection timed out

The /var/log/messages file reports:

    nfs4client kernel: RPC: AUTH_GSS upcall timed out.
    nfs4client kernel: Please check user daemon is running!

It is indeed running:

    # ps -e | grep gss
    3205 ? 00:00:00 rpc.gssd

Now, the interesting part. If I start the same mount command, and before the timeout expires open another terminal and do:

    # rcnfs restart

Then the mount successfully completes!

    # ls /nfs
    localusers users1 users2 users3

If I umount it, and try to mount it again, it will time out unless I restart rpc.gssd again while the mount is running.

If I run rpc.gssd in the foreground, then try to mount:

    # killall rpc.gssd
    # rpc.gssd -vvvf
    (separate terminal window)
    # mount -v -t nfs4 -osec=krb5 nfs4svr.domain:/ /nfs/

The only output I get from rpc.gssd is:

    beginning poll

If I break out of rpc.gssd and start it again, before the mount times out, then it works:

    ^Cexiting on signal 2
    # rpc.gssd -vvvf
    beginning poll
    handling krb5 upcall
    Full hostname for 'nfs4svr.domain' is 'nfs4svr.domain'
    Full hostname for 'nfs4client.domain' is 'nfs4client.domain'
    Key table entry not found while getting keytab entry for 'root/nfs4client.domain@REALM'
    Success getting keytab entry for 'nfs/nfs4client.domain@REALM'
    Successfully obtained machine credentials for principal 'nfs/nfs4client.domain@REALM' stored in ccache 'FILE:/tmp/krb5cc_machine_REALM'
    INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_REALM' are good until 1215532928
    using FILE:/tmp/krb5cc_machine_REALM as credentials cache for machine creds
    using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_REALM
    creating context using fsuid 0 (save_uid 0)
    creating tcp client for server nfs4svr.domain
    creating context with server nfs@nfs4svr.domain
    DEBUG: serialize_krb5_ctx: lucid version!
    prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
    doing downcall
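A triage helper for the symptom reported above, added here as an example and not part of the original report or of nfs-utils: it separates "rpc.gssd is not running" from "rpc.gssd is running but its verbose trace never shows the upcall", which is the state this report describes. The function names, state labels and sample inputs are constructed for illustration; the matched strings are the messages quoted in the report.

```shell
#!/bin/sh
# Added example (not from the report): classify an AUTH_GSS upcall failure
# from the kernel log, `ps -e` output and an `rpc.gssd -vvvf` trace.

# has_line TEXT STRING: succeeds if any line of TEXT contains STRING.
has_line() {
    printf '%s\n' "$1" | grep -qF -- "$2"
}

# classify_gss_upcall KERNEL_LOG PS_OUTPUT GSSD_TRACE
# Prints one state label (labels are hypothetical, chosen for this example).
classify_gss_upcall() {
    klog=$1
    ps_out=$2
    trace=$3
    # No timeout in the kernel log: nothing to triage.
    if ! has_line "$klog" 'RPC: AUTH_GSS upcall timed out'; then
        echo ok; return 0
    fi
    # The kernel hint says to check the daemon: is rpc.gssd in the process list?
    if ! printf '%s\n' "$ps_out" | grep -qE '(^|[[:space:]/])rpc\.gssd$'; then
        echo daemon-missing; return 0
    fi
    # Daemon is running. Did it ever log an upcall, and did it answer?
    if ! has_line "$trace" 'handling krb5 upcall'; then
        echo upcall-not-seen; return 0      # only "beginning poll": this report
    fi
    if has_line "$trace" 'doing downcall'; then
        echo upcall-answered
    else
        echo upcall-stalled                 # seen, but no downcall followed
    fi
}

# Constructed sample inputs, built from the lines quoted in the report.
KLOG_SAMPLE='nfs4client kernel: RPC: AUTH_GSS upcall timed out.
nfs4client kernel: Please check user daemon is running!'
PS_SAMPLE=' 3205 ?        00:00:00 rpc.gssd'
TRACE_STUCK='beginning poll'
TRACE_AFTER_RESTART='beginning poll
handling krb5 upcall
creating context with server nfs@nfs4svr.domain
doing downcall'

echo "first attempt:  $(classify_gss_upcall "$KLOG_SAMPLE" "$PS_SAMPLE" "$TRACE_STUCK")"
echo "after restart:  $(classify_gss_upcall "$KLOG_SAMPLE" "$PS_SAMPLE" "$TRACE_AFTER_RESTART")"
```

A result of `upcall-not-seen` points at the kernel-to-daemon path rather than at the keytab or Kerberos configuration, since the daemon never got as far as looking up credentials.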