Package: nfs-kernel-server
Version: 1:1.0.10-6

System: Debian Stable

olaf:~# uname -a
Linux olaf 2.6.24-etchnhalf.1-486 #1 Tue Dec 2 07:03:38 UTC 2008 i686 GNU/Linux

Kerberos version: krb5-kdc (and other packages) from MIT, 1.4.4-7etc

Don't know which package the bug is in, suspect the kernel.

I have client machines and one server machine. All machines share the same system and packages (except that clients of course have only the client packages). Server machine runs kerberos server, nis server, nfs server. All machines are synchronized by NTP to within one second; kerberos' allowed ticket time skew is set to 30 seconds.

/etc/exports on server (ip-address replaced):

/home ip-address-of-one-client(rw,fsid=0,insecure,no_subtree_check)
/home gss/krb5(rw,fsid=0,insecure,no_subtree_check)
/home gss/krb5i(rw,fsid=0,insecure,no_subtree_check)
/home gss/krb5p(rw,fsid=0,insecure,no_subtree_check)

(have run exportfs -r on the server then)

mount attempts on the client:

motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/
motion4:/# umount mnt
motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/ -osec=krb5
mount: block device olaf.iswbio.uni-jena.de:/ is write-protected, mounting read-only
mount: cannot mount block device olaf.iswbio.uni-jena.de:/ read-only
motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/ -osec=krb5i
mount: block device olaf.iswbio.uni-jena.de:/ is write-protected, mounting read-only
mount: cannot mount block device olaf.iswbio.uni-jena.de:/ read-only
motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/ -osec=krb5p
mount: block device olaf.iswbio.uni-jena.de:/ is write-protected, mounting read-only
mount: cannot mount block device olaf.iswbio.uni-jena.de:/ read-only
motion4:/#

related log of kerberos on the server (some minutes before mount):

Jan 14 15:56:02 olaf krb5kdc[2717]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 141.35.118.159: ISSUE: authtime 1231944962, etypes {rep=1 tkt=16 ses=16}, nfs/motion4.iswbio.uni-jena...@iswbio.uni-jena.de for krbtgt/iswbio.uni-jena...@iswbio.uni-jena.de
Jan 14 15:56:02 olaf krb5kdc[2717]: TGS_REQ (1 etypes {1}) 141.35.118.159: ISSUE: authtime 1231944962, etypes {rep=16 tkt=1 ses=1}, nfs/motion4.iswbio.uni-jena...@iswbio.uni-jena.de for nfs/olaf.iswbio.uni-jena...@iswbio.uni-jena.de

So the kerberos server has issued a ticket for the nfs-server to the client.

The nfs-server logs (after echo 16 > /proc/sys/sunrpc/nfsd_debug):

Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 24
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 10
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #3: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9

for the successful mount without security and logs nothing for the unsuccessful mounts.

Olaf