On Sat, 14 Sep 2024 10:06:28 +0200 Salvatore Bonaccorso
<car...@debian.org> wrote:
> close 832609 1:1.3.4-2
> thanks
>
I see that you fixed in 1:1.3.4-2 :
systemd: Don't degrade system state for nfs-clients when krb5 keytab
present but not containing the nfs/<FQDN> principal (Closes:
#985002)
But as I write in my 832609 report, I do:
I add the nfs SPN with:
" adcli join -N <my netbios client> -K /etc/krb5.keytab -V nfs <my AD domain> "
(mind I cannot use "net ads keytab add nfs" as I joind with realmd if
done so without
--membership-software=samba flag , the latter fails to apply
silently - if executed without -d<n> flag -
see :
https://bugzilla.redhat.com/show_bug.cgi?id=1271618 )
and then the issue at stack exhibits.
I believe you took the comment on my bug report that was about the nfs
missing as the bug reported, ie
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832609#17 . But it
was not.
I don't have the setup ready to test if the bug I reported that when
keytab is there, with the nfs entry in it and the rpcsec_gss_krb5 is
not loaded rpc-gssd.service errors out when starting with:
systemd[1]: Starting RPC security service for NFS server...
rpc.svcgssd[4860]: libnfsidmap: using (default) domain: <my AD domain>
systemd[1]: Started RPC security service for NFS server.
rpc.svcgssd[4860]: libnfsidmap: Realms list: '< my realm >'
rpc.svcgssd[4860]: libnfsidmap: loaded plugin
/lib/x86_64-linux-gnu/libnfsidmap/nsswitch.so for method nsswitch
rpc.svcgssd[4860]: failed to open /proc/net/rpc/auth.rpcsec.init/channel: No
such file or directory
I will try to reproduce ASAP, but if you can reproduce before me please
reopen if the bug is still there.
Best Regards,
Alban
