[Bug 643289] Re: idmapd does not starts to work after system reboot
Is there any update on this? 11.04 with Kerberos, NFSv4, automount 5, idmapd does not start automatically. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/643289 Title: idmapd does not starts to work after system reboot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/643289/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 643289] Re: idmapd does not starts to work after system reboot
Hi Steve, I do not have a separate /usr partition -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/643289 Title: idmapd does not starts to work after system reboot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/643289/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 811823] Re: idmapd upstart job ends in an inconsistent state if /usr is a separate partition
** Changed in: nfs-utils (Ubuntu Natty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/811823 Title: idmapd upstart job ends in an inconsistent state if /usr is a separate partition To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/811823/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 643289] Re: idmapd does not starts to work after system reboot
I have enabled -proposed (ref bug 811823) and idmapd still not starting. The setup is natty with -proposed, Automount, NFSv4, Kerberos and NEED_IDMAPD=yes in /etc/default/nfs-common After boot idmapd is (consistently) not running. Using 'service idmapd start' after boot does not work and I need to manually launch rpc.idmapd as root and then restart autofs for mounts to work. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/643289 Title: idmapd does not starts to work after system reboot To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/643289/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 368153] Re: Kerberos, NFS4 and autofs issue
Yes, the ticket is /tmp/krb5cc__ and the only difference in these two scenarios I describe is that when $HOME is NFS mounted `klist` show that I have the "nfs/@REALM" service ticket whilst it does not in the second scenario. >From what I could see in the nfs-utils docs though, RPCGSSDOPTS="-n" means you have to acquire the NFS service ticket as root manually before the user is able to mount any kerberized exports. This leads me to believe something is triggered in the login process (as root) making kerberos able to get the service ticket and insert into my credentials *IF* my home is NFS mounted. Plausible? I have tried logging in through both gdm and terminal and the behaviour is exactly the same. pam_krb5.so issue? Here is some proof of concept, first with autofs mouting my home under /net/home/user1: Ubuntu 9.04 tty1 hostname login: user1 Password: [ .. snip .. ] us...@hostname:~# klist Ticket cache: FILE:/tmp/krb5cc_1001_F4RoT Default principal: us...@realm Valid starting Expires Service principal 04/28/09 17:31:12 04/29/09 03:31:12 krbtgt/re...@relam renew until 04/29/09 17:31:12 Kerberos 4 ticket cache: /tmp/tkt1001 klist: You have no tickets cached us...@hostname:~# ls -l /net/home/user1 ls: cannot access /net/home/user1: No such file or directory us...@hostname:~# logout In syslog I see rpc.gssd complain about 'CC file '/tmp/krb5cc_1001_F4RoT owned by 1001, no 0' and automount 'access denied by server while mounting '. Now I log in as root and modify autofs to mount my home at /home/user1 then restart autofs daemon and log in as user1 again: Ubuntu 9.04 tty1 hostname login: user1 Password: [ .. snip .. ] us...@hostname:~# klist Ticket cache: FILE:/tmp/krb5cc_1001_Ru4r3l Default principal: us...@realm Valid starting Expires Service principal 04/28/09 17:36:12 04/29/09 03:36:12 krbtgt/re...@relam renew until 04/29/09 17:36:12 04/28/09 17:36:12 04/29/09 03:36:12 nfs/nfs-server.example@relam renew until 04/29/09 17:36:12 Kerberos 4 ticket cache: /tmp/tkt1001 klist: You have no tickets cached us...@hostname:~# logout Magically I now have an NFS service ticket apparently because my $HOME is pointing at the NFS server and I can easily browse my NFS home folder In syslog I see something that might explain the behaviour. rpc.gssd says: 'CC file '/tmp/krb5cc_pam_' (us...@realm) passed all checks and has mtime of ' and 'using FILE:/tmp/krb5cc_pam_ as credentials cache for client with uid 0 for server nfs-server.example.com'. Apparently PAM does some magic if it sees your home folder lives on NFS and creates a temporary credentials cache? Does this help to figure out what is causing this and how to fix it? Thanks Max PS: I couldn't copy/paste the above console output so it might have some typos -- Kerberos, NFS4 and autofs issue https://bugs.launchpad.net/bugs/368153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 368153] Re: Kerberos, NFS4 and autofs issue
>Am I correct in thinking you already have a Kerberos ticket but no service ticket for NFS is acquired to access the NFS mount? If so, that means the GSS daemon isn't doing what it should. Yes, this is correct. Service ticket for NFS is missing unless users home is mounted over NFS. -- Kerberos, NFS4 and autofs issue https://bugs.launchpad.net/bugs/368153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 368155] [NEW] Kerberos, NFS4 and autofs issue
Public bug reported: Ubuntu 9.04. When mounting the users home folder over NFS4 using Kerberos with RPCGSSDOPTS="-n" set in /etc/defaults/nfs-common a kerberos ticket is acquired for the NFS service thus allowing for other autofs kerberized mounts to work as well. However, if home is not on kerberos NFS (local) and the user trying to access kerberized NFS exports after logging in, a NFS kerberos ticket will fail to be acquired and the user must go through several manual steps for kerberos to pick up an NFS ticket. This is one way to do it: $ sudo kinit $ sudo ls -l /mountpoint At this point the automount will still fail as now the kerberos ticket is owned by root, however, if you change the owner of the ticket back to the original user, automount will be able to mount/access the kerberized NFS export. As mentioned at the beginning, this is not the case if the users home is NFS mounted as it seems to trigger a function that will automatically make Ubuntu acquire NFS kerberos ticket (machine credentials?). Note I'm not using client keytabs in this setup. I've added some verbose logging to this to try and figure out what the issue could be but the strange thing is the logs say the same even if it is able to mount: rpc.gssd access denied errors and failed to create krb5 context for uid 0. Is the mounting process by design? What triggers the mounts to work when $HOME is mounted over NFS and why do they fail if it is not? PS: this should be pretty easy to replicate if you have a working krb5/nfs4/autofs setup, simply point the /home autofs to somewhere else like e.g. /tmphome. Add RPCGSSDOPTS="-n" in /etc/defaults/nfs-common and restart. ** Affects: ubuntu Importance: Undecided Status: New ** Tags: autofs gssd krb5 nfs4 -- Kerberos, NFS4 and autofs issue https://bugs.launchpad.net/bugs/368155 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 368153] [NEW] Kerberos, NFS4 and autofs issue
Public bug reported: Ubuntu 9.04 latest update. When mounting the users home folder over NFS4 using Kerberos with RPCGSSDOPTS="-n" set in /etc/defaults/nfs-common a kerberos ticket is acquired for the NFS service thus allowing for other autofs kerberized mounts to work as well. However, if home is not on kerberos NFS (local) and the user trying to access kerberized NFS exports after logging in, a NFS kerberos ticket will fail to be acquired and the user must go through several manual steps for kerberos to pick up an NFS ticket. This is one way to do it: $ sudo kinit $ sudo ls -l /mountpoint At this point the automount will still fail as now the kerberos ticket is owned by root, however, if you change the owner of the ticket back to the original user, automount will be able to mount/access the kerberized NFS export. As mentioned at the beginning, this is not the case if the users home is NFS mounted as it seems to trigger a function that will automatically make Ubuntu acquire NFS kerberos ticket (machine credentials?). Note I'm not using client keytabs in this setup. I've added some verbose logging to this to try and figure out what the issue could be but the strange thing is the logs say the same even if it is able to mount: rpc.gssd access denied errors and failed to create krb5 context for uid 0. Is the mounting process by design? What triggers the mounts to work when $HOME is mounted over NFS and why do they fail if it is not? PS: this should be pretty easy to replicate if you have a working krb5/nfs4/autofs setup, simply point the /home autofs to somewhere else like e.g. /tmphome. Add RPCGSSDOPTS="-n" in /etc/defaults/nfs-common and restart. ** Affects: ubuntu Importance: Undecided Status: New ** Tags: autofs gssd krb5 nfs4 -- Kerberos, NFS4 and autofs issue https://bugs.launchpad.net/bugs/368153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
