Package: nfs-kernel-server
Version: 1:1.3.4-2.1
Severity: important
Dear Maintainer,
First of all, thank you for all you do to support Debian
Heres my /etc/default/nfs-kernel-server config file, it clearly "disables
svcgssd" :
root@filer:/etc/default# vi nfs-kernel-server
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0
# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
#RPCMOUNTDOPTS="--manage-gids"
### TO DEBUG USE:
RPCMOUNTDOPTS="--manage-gids --debug all"
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=no
# Options for rpc.svcgssd.
#RPCSVCGSSDOPTS=""
RPCNFSDCOUNT="64 --no-nfs-version 3 --no-nfs-version 4"
~
~
~
But if I restart the nfs-server process, it errors out like this:
root@filer:/etc/default#
root@filer:/etc/default# service nfs-server restart
Job for nfs-server.service failed because the control process exited with error
code.
See "systemctl status nfs-server.service" and "journalctl -xe" for details.
root@filer:/etc/default# journalctl -xe
Dec 20 11:38:03 filer systemd[1]: Starting NFSv4 ID-name mapping service...
-- Subject: Unit nfs-idmapd.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit nfs-idmapd.service has begun starting up.
Dec 20 11:38:03 filer systemd[1]: Starting RPC security service for NFS
server...
-- Subject: Unit rpc-svcgssd.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit rpc-svcgssd.service has begun starting up.
Dec 20 11:38:03 filer systemd[1]: Started NFSv4 ID-name mapping service.
-- Subject: Unit nfs-idmapd.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit nfs-idmapd.service has finished starting up.
--
-- The start-up result is done.
Dec 20 11:38:03 filer rpc.svcgssd[10651]: ERROR: GSS-API: error in
gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code
Dec 20 11:38:03 filer rpc.svcgssd[10651]: unable to obtain root (machine)
credentials
Dec 20 11:38:03 filer rpc.svcgssd[10651]: do you have a keytab entry for
nfs/@ in /etc/krb5.keytab?
Dec 20 11:38:03 filer systemd[1]: rpc-svcgssd.service: Control process exited,
code=exited status=1
Dec 20 11:38:03 filer systemd[1]: Failed to start RPC security service for NFS
server.
-- Subject: Unit rpc-svcgssd.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit rpc-svcgssd.service has failed.
--
-- The result is failed.
Dec 20 11:38:03 filer systemd[1]: rpc-svcgssd.service: Unit entered failed
state.
Dec 20 11:38:03 filer systemd[1]: rpc-svcgssd.service: Failed with result
'exit-code'.
Dec 20 11:38:03 filer rpc.mountd[10654]: Version 1.3.3 starting
Dec 20 11:38:03 filer systemd[1]: Started NFS Mount Daemon.
-- Subject: Unit nfs-mountd.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit nfs-mountd.service has finished starting up.
I am trying to use nfs 4.1 (not 4) with no kerberos, but cant figure out how to
start it up.
If I take out the " --no-nfs-version 4" then nfs-server starts up ok, but I
have version 4 enabled where I only want version 4.1 and higher working:
root@filer:~# cat /proc/fs/nfsd/versions
-2 -3 +4 +4.1 +4.2
root@filer:~#
-- Package-specific info:
-- rpcinfo --
program vers proto port service
104 tcp111 portmapper
103 tcp111 portmapper
102 tcp111 portmapper
104 udp111 portmapper
103 udp111 portmapper
102 udp111 portmapper
133 tcp 2049 nfs
1002273 tcp 2049
133 udp 2049 nfs
1002273 udp 2049
1000241 udp 51907 status
1000241 tcp 59263 status
134 tcp 2049 nfs
134 udp 2049 nfs
1000211 udp 38357 nlockmgr
1000213 udp 38357 nlockmgr
1000214 udp 38357 nlockmgr
1000211 tcp 36441 nlockmgr
1000213 tcp 36441 nlockmgr
1000214 tcp 36441 nlockmgr
-- /etc/default/nfs-kernel-server --
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS="--manage-gids --debug all"
NEED_SVCGSSD=no