Bug#705922: NFS/kerberos

Mon, 22 Apr 2013 01:51:22 -0700 

Package: linux-image
Version: 3.2.0-4-amd64

After upgrading from Squeeze to Wheezy the above mentioned kernel was
installed and now I am unable to mount an NFS/krbi share:

$ mount -v /fs
mount.nfs4: timeout set for Mon Apr 22 10:21:59 2013
mount.nfs4: trying text-based options 
'sec=krb5i,addr=10.15.21.216,clientaddr=10.1.43.100'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting XXX:/

rpc.gssd gives the following debug output:
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c05b0 data 0x7ffff33c0480
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c05b0 data 0x7ffff33c0480
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: handling gssd upcall 
(/var/lib/nfs/rpc_pipefs/nfs/clntd)
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: handle_gssd_upcall: 'mech=krb5 uid=0 
enctypes=18,17,16,23,3,1,2 '
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: handling krb5 upcall 
(/var/lib/nfs/rpc_pipefs/nfs/clntd)
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: process_krb5_upcall: service is 
'<null>'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: Full hostname for 
'fsnfs4.mynetwork.local' is 'fsnfs4.mynetwork.local'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: Full hostname for 
'l0144045.mynetwork.local' is 'l0144045.mynetwork.local'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: No key table entry found for 
L0144045$.MYNETWORK.LOCAL while getting keytab entry for 'L0144045$@'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: No key table entry found for 
root/l0144045.mynetwork.local.MYNETWORK.LOCAL while getting keytab entry for 
'root/l0144045.mynetwork.local@'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: Success getting keytab entry for 
'nfs/l0144045.mynetwork.local@'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: INFO: Credentials in CC 
'FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL' are good until 1366705137
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: INFO: Credentials in CC 
'FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL' are good until 1366705137
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: using 
FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL as credentials cache for machine creds
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: using environment variable to select 
krb5 ccache FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: creating context using fsuid 0 
(save_uid 0)
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: creating tcp client for server 
fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: DEBUG: port already set to 2049
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: creating context with server 
nfs@fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: WARNING: Failed to create krb5 context 
for user with uid 0 for server fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: WARNING: Failed to create machine krb5 
context with credentials cache FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL for 
server fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: WARNING: Machine cache is prematurely 
expired or corrupted trying to recreate cache for server fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: Full hostname for 
'fsnfs4.mynetwork.local' is 'fsnfs4.mynetwork.local'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: Full hostname for 
'l0144045.mynetwork.local' is 'l0144045.mynetwork.local'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: No key table entry found for 
L0144045$.MYNETWORK.LOCAL while getting keytab entry for 'L0144045$@'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: No key table entry found for 
root/l0144045.mynetwork.local.MYNETWORK.LOCAL while getting keytab entry for 
'root/l0144045.mynetwork.local@'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: Success getting keytab entry for 
'nfs/l0144045.mynetwork.local@'
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: INFO: Credentials in CC 
'FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL' are good until 1366705137
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: INFO: Credentials in CC 
'FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL' are good until 1366705137
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: using 
FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL as credentials cache for machine creds
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: using environment variable to select 
krb5 ccache FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: creating context using fsuid 0 
(save_uid 0)
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: creating tcp client for server 
fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: DEBUG: port already set to 2049
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: creating context with server 
nfs@fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: WARNING: Failed to create krb5 context 
for user with uid 0 for server fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: WARNING: Failed to create machine krb5 
context with credentials cache FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL for 
server fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: WARNING: Failed to create machine krb5 
context with any credentials cache for server fsnfs4.mynetwork.local
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: doing error downcall
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: dir_notify_handler: sig 37 si 
0x7ffff33c50b0 data 0x7ffff33c4f80
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: destroying client 
/var/lib/nfs/rpc_pipefs/nfs/clnte
Apr 22 10:23:47 l0144045 rpc.gssd[1795]: destroying client 
/var/lib/nfs/rpc_pipefs/nfs/clntd


Using kernel linux-image-2.6.32-5-amd64 (from squeeze) it still works:
$ mount -v /fs/
mount.nfs4: timeout set for Mon Apr 22 10:32:39 2013
mount.nfs4: trying text-based options 
'sec=krb5i,addr=10.15.21.216,clientaddr=10.1.43.100'

Apr 22 10:33:03 l0144045 rpc.gssd[1882]: dir_notify_handler: sig 37 si 
0x7ffface6b0f0 data 0x7ffface6afc0
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: dir_notify_handler: sig 37 si 
0x7ffface6b0f0 data 0x7ffface6afc0
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: dir_notify_handler: sig 37 si 
0x7ffface6b0f0 data 0x7ffface6afc0
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: handling gssd upcall 
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: handle_gssd_upcall: 'mech=krb5 uid=0 '
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: handling krb5 upcall 
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: process_krb5_upcall: service is 
'<null>'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: Full hostname for 
'fsnfs4.mynetwork.local' is 'fsnfs4.mynetwork.local'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: Full hostname for 
'l0144045.mynetwork.local' is 'l0144045.mynetwork.local'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: No key table entry found for 
L0144045$.MYNETWORK.LOCAL while getting keytab entry for 'L0144045$@'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: No key table entry found for 
root/l0144045.mynetwork.local.MYNETWORK.LOCAL while getting keytab entry for 
'root/l0144045.mynetwork.local@'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: Success getting keytab entry for 
'nfs/l0144045.mynetwork.local@'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: INFO: Credentials in CC 
'FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL' are good until 1366705769
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: INFO: Credentials in CC 
'FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL' are good until 1366705769
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: using 
FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL as credentials cache for machine creds
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: using environment variable to select 
krb5 ccache FILE:/tmp/krb5cc_machine.MYNETWORK.LOCAL
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: creating context using fsuid 0 
(save_uid 0)
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: creating tcp client for server 
fsnfs4.mynetwork.local
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: DEBUG: port already set to 2049
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: creating context with server 
nfs@fsnfs4.mynetwork.local
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: DEBUG: serialize_krb5_ctx: lucid 
version!
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: prepare_krb5_rfc1964_buffer: 
serializing keys with enctype 4 and length 8
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: doing downcall
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: handling gssd upcall 
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: handle_gssd_upcall: 'mech=krb5 
uid=13186 '
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: handling krb5 upcall 
(/var/lib/nfs/rpc_pipefs/nfs/clntc)
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: process_krb5_upcall: service is 
'<null>'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: getting credentials for client with 
uid 13186 for server fsnfs4.mynetwork.local
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: CC file '/tmp/krb5cc_13186_T9uhB8' 
being considered, with preferred realm .MYNETWORK.LOCAL'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: CC file 
'/tmp/krb5cc_13186_T9uhB8'(shuber.MYNETWORK.LOCAL) passed all checks and has 
mtime of 1366619399
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: CC file 
'/tmp/krb5cc_machine.MYNETWORK.LOCAL' being considered, with preferred realm 
.MYNETWORK.LOCAL'
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: CC file 
'/tmp/krb5cc_machine.MYNETWORK.LOCAL' owned by 0, not 13186
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: using FILE:/tmp/krb5cc_13186_T9uhB8 as 
credentials cache for client with uid 13186 for server fsnfs4.mynetwork.local
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: using environment variable to select 
krb5 ccache FILE:/tmp/krb5cc_13186_T9uhB8
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: creating context using fsuid 13186 
(save_uid 0)
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: creating tcp client for server 
fsnfs4.mynetwork.local
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: DEBUG: port already set to 2049
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: creating context with server 
nfs@fsnfs4.mynetwork.local
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: DEBUG: serialize_krb5_ctx: lucid 
version!
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: prepare_krb5_rfc1964_buffer: 
serializing keys with enctype 4 and length 8
Apr 22 10:33:03 l0144045 rpc.gssd[1882]: doing downcall


(In the above logs I replaced some hostname with XXX resp. MYNETWORK.)



Best regards
Stefan

Attachment: signature.asc
Description: Digital signature

Reply via email to