Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

nfs4 kerberos
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
nox23
n00b
n00b


Joined: 15 Jul 2012
Posts: 30
PostPosted: Mon Feb 25, 2013 3:11 pm    Post subject: nfs4 kerberos Reply with quote
Hello

I don't manage to get nfs4 + kerberos working.
So, does anybody know how to make it works ?

gentoo client nfsv4+kerberos hangs forever :

on client tailf /var/log/messages

Code:

Feb 24 10:56:01 falbala rpc.gssd[7186]: beginning poll
Feb 24 10:56:12 falbala /etc/init.d/rpc.pipefs[7202]: WARNING: rpc.pipefs has already been started
Feb 24 10:56:18 falbala /etc/init.d/nfsmount[7203]: WARNING: nfsmount has already been started
Feb 24 10:56:22 falbala rpc.gssd[7186]: dir_notify_handler: sig 37 si 0x7fff04fa3bb0 data 0x7fff04fa3a80
Feb 24 10:56:22 falbala rpc.gssd[7186]: dir_notify_handler: sig 37 si 0x7fff04fa3bb0 data 0x7fff04fa3a80
Feb 24 10:56:22 falbala rpc.gssd[7186]: dir_notify_handler: sig 37 si 0x7fff04fa3bb0 data 0x7fff04fa3a80
Feb 24 10:56:22 falbala rpc.gssd[7186]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt0)
Feb 24 10:56:22 falbala rpc.gssd[7186]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
Feb 24 10:56:22 falbala rpc.gssd[7186]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt0)
Feb 24 10:56:22 falbala rpc.gssd[7186]: process_krb5_upcall: service is '<null>'
Feb 24 10:56:22 falbala rpc.gssd[7186]: Full hostname for 'blanche-neige.noxy.local' is 'blanche-neige.noxy.local'
Feb 24 10:56:22 falbala rpc.gssd[7186]: Full hostname for 'falbala.noxy.local' is 'falbala.noxy.local'
Feb 24 10:56:22 falbala rpc.gssd[7186]: No key table entry found for FALBALA$@NOXY.LOCAL while getting keytab entry for 'FALBALA$@NOXY.LOCAL'
Feb 24 10:56:22 falbala rpc.gssd[7186]: No key table entry found for root/falbala.noxy.local@NOXY.LOCAL while getting keytab entry for 'root/falbala.noxy.local@NOXY.LOCAL'
Feb 24 10:56:22 falbala rpc.gssd[7186]: Success getting keytab entry for 'nfs/falbala.noxy.local@NOXY.LOCAL'
Feb 24 10:56:22 falbala rpc.gssd[7186]: Successfully obtained machine credentials for principal 'nfs/falbala.noxy.local@NOXY.LOCAL' stored in ccache 'FILE:/tmp/krb5cc_machine_NOXY.LOCAL'
Feb 24 10:56:22 falbala rpc.gssd[7186]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_NOXY.LOCAL' are good until 1361735781
Feb 24 10:56:22 falbala rpc.gssd[7186]: using FILE:/tmp/krb5cc_machine_NOXY.LOCAL as credentials cache for machine creds
Feb 24 10:56:22 falbala rpc.gssd[7186]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_NOXY.LOCAL
Feb 24 10:56:22 falbala rpc.gssd[7186]: creating context using fsuid 0 (save_uid 0)
Feb 24 10:56:22 falbala rpc.gssd[7186]: creating tcp client for server blanche-neige.noxy.local
Feb 24 10:56:22 falbala rpc.gssd[7186]: DEBUG: port already set to 2049
Feb 24 10:56:22 falbala rpc.gssd[7186]: creating context with server nfs@blanche-neige.noxy.local
Feb 24 10:56:22 falbala rpc.gssd[7186]: DEBUG: serialize_krb5_ctx: lucid version!
Feb 24 10:56:22 falbala rpc.gssd[7186]: prepare_krb5_rfc4121_buffer: protocol 1
Feb 24 10:56:22 falbala rpc.gssd[7186]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
Feb 24 10:56:22 falbala rpc.gssd[7186]: doing downcall
Feb 24 10:56:22 falbala kernel: sha1_ssse3: Using AVX optimized SHA-1 implementation


on the server tailf /var/log/daemon/log :

Code:

Feb 24 10:53:31 blanche-neige /etc/init.d/nfs[6584]: WARNING: nfs has already been started
Feb 24 10:53:39 blanche-neige /etc/init.d/rpc.idmapd[6585]: WARNING: rpc.idmapd has already been started
Feb 24 10:53:58 blanche-neige /etc/init.d/rpc.svcgssd[6600]: WARNING: rpc.svcgssd has already been started
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: leaving poll
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: handling null request
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: svcgssd_limit_krb5_enctypes: Calling gss_set_allowable_enctypes with 7 enctypes from the kernel
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: sname = nfs/falbala.noxy.local@NOXY.LOCAL
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: DEBUG: serialize_krb5_ctx: lucid version!
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: prepare_krb5_rfc4121_buffer: protocol 1
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: doing downcall
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: mech: krb5, hndl len: 4, ctx len 52, timeout: 1361735781 (35990 from now), clnt: nfs@falbala.noxy.local, uid: -1, gid: -1, num aux grps: 0:
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: sending null reply
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: writing message: \x \x6082027e06092a864886f712010
20201006e82026d30820269a003020105a10302010ea20703050020000
000a38201706182016c30820168a003020105a10c1b0a4e4f58592e4c4f43414ca22a3028a003020103a1213
01f1b036e66731b18626c616e6368652d6e656967652e6e6f78792e6c6f63616ca382012530820121a003020
112a103020102a28201130482010fb7f3663f467fd78e1615577a887dacf05e4761262318575a768e63bbe43
b0f6b1b81f58ccf1ab185800c64626d14a4cfe120c3b5397e92df11b5a098b74c03501a2d056b3ef7c2cbaf9736
166780e8ced5a597e4b41ddaddba4c203fa6286ce6b72065cd2edee3d68c7760e8adc36179042794b60cd9a
4ef0fb91ce548914f3c8fe55269e7facc4b573b54b4d49545bea52457d15761bdbe78486b9f8f0382285c662c1
961a9f8df8bafce8d891fb778a6c1a70e57f85dfb5311d1fff0aeff4fa720a3474657f3d8c51753ad42dabd908a5
d4bceb12ea33e59144668427e62be989d7e89c365389d8a9c53f3164365a24c1ab5323f890bc291494a7a13
8194da86aedb4bdb4e0a4a7b537c6e093503a481df3081dca003020112a281d40481d19ac57d4506620a4cf
f4ffc3466bc3297095faaa9b8e0b05f62ceee6f1c77beaeff24388f95ddef31977c9aaa26422aab9ab0f0555ccca3
370ea7a2ef62729c17fb4f58d01c66a16bfc0e0f056edfadfc1fa4c6cbad886dd051079f25143aca7f41b2c2b539
c1629bac53c78ee6fa29a591be74ee7712bbacf628a8382818afeb8113d58bb78cccc509fd2952f74e06679c3f
c6055285a2a248c783d4b32e60ba9f0a14882f102238daf3d22643247cd552aaed0714ba097ff67b8aafdca98
4094187f88cef7f24421677ae25c2390c7c86 1361699851 0 0 \x02000000 \x60819906092a864886f7120102
0202006f8189308186a003020105a10302010fa27a3078a003020112a271046fa2992f173f2c5f89f6d58d2e2b
7433795124c7702e64d9b67c06e94388db5333f69998207a127217f17e3d7a994741f22be2bfd34293ad1f811
440aa10a8b94f98cebb765daeeb8af2977ee253f3f872cb6123d203b15eed665d1f63a1dcd9ee2ec9bd3af5f5ae
3cca3cc21b336d61
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: finished handling null request
Feb 24 10:56:31 blanche-neige rpc.svcgssd[2672]: entering poll


the command :

Code:


10:56 root@falbala ~# mount -vvv -t nfs4 -o sec=krb5 blanche-neige.noxy.local:/  /home_nfsv4
mount: fstab path: "/etc/fstab"
mount: mtab path:  "/etc/mtab"
mount: lock path:  "/etc/mtab~"
mount: temp path:  "/etc/mtab.tmp"
mount: UID:        0
mount: eUID:       0
mount: spec:  "blanche-neige.noxy.local:/"
mount: node:  "/home_nfsv4"
mount: types: "nfs4"
mount: opts:  "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "blanche-neige.noxy.local:/"
mount: external mount: argv[2] = "/home_nfsv4"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Sun Feb 24 10:58:22 2013
mount.nfs4: trying text-based options 'sec=krb5,addr=192.168.0.1,clientaddr=192.168.0.51'


hangs forever

nfs4 without kerberos is working
kerberos working getting ticket
rpcsec_gss_krb5 module is loaded :
my krb5.conf
Code:

[libdefaults]
        default_realm = NOXY.LOCAL
        forwardable = true
        renew_lifetime = 3days
        allow_weak_crypto = true

[realms]
# use "kdc = ..." if realm admins haven't put SRV records into DNS
        NOXY.LOCAL = {
                kdc = gavroche.noxy.local
                admin_server = gavroche.noxy.local
        }

[domain_realm]
        .noxy.local = NOXY.LOCAL
        noxy.local = NOXY.LOCAL

[logging]
       kdc = CONSOLE


SERVER
Code:

root@blanche-neige /home/backup# ktutil     
ktutil:  rkt /etc/krb5.keytab
ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2  nfs/blanche-neige.noxy.local@NOXY.LOCAL (des-cbc-crc)

CLIENT
Code:

root@falbala ~# ktutil 
ktutil:  rkt /etc/krb5.keytab
ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2        nfs/falbala.noxy.local@NOXY.LOCAL (des-cbc-crc)
ktutil:


Any advice ?
Back to top
View user's profile Send private message
nox23
n00b
n00b


Joined: 15 Jul 2012
Posts: 30
PostPosted: Fri Mar 08, 2013 10:39 pm    Post subject: Reply with quote
the solution was to downgrade to "net-fs/nfs-utils-1.2.5"
ALL works great now.
I filed a bug here : https://bugs.gentoo.org/show_bug.cgi?id=460308
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2021 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy