Package: nfs-kernel-server
Version: 1:1.0.10-6
System: Debian Stable
olaf:~# uname -a
Linux olaf 2.6.24-etchnhalf.1-486 #1 Tue Dec 2 07:03:38 UTC 2008 i686 GNU/Linux
Kerberos version: krb5-kdc (and other packages) from MIT, 1.4.4-7etc
Don't know which package the bug is in, suspect the kernel.
I have client machines and one server machine. All machines share the
same system and packages (except that clients of course have only the
client packages).
Server machine runs kerberos server, nis server, nfs server.
All machines are synchronized by NTP to within one second; kerberos'
allowed ticket time skew is set to 30 seconds.
/etc/exports on server (ip-address replaced):
/home ip-address-of-one-client(rw,fsid=0,insecure,no_subtree_check)
/home gss/krb5(rw,fsid=0,insecure,no_subtree_check)
/home gss/krb5i(rw,fsid=0,insecure,no_subtree_check)
/home gss/krb5p(rw,fsid=0,insecure,no_subtree_check)
(have run exportfs -r on the server then)
mount attempts on the client:
motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/
motion4:/# umount mnt
motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/ -osec=krb5
mount: block device olaf.iswbio.uni-jena.de:/ is write-protected, mounting
read-only
mount: cannot mount block device olaf.iswbio.uni-jena.de:/ read-only
motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/ -osec=krb5i
mount: block device olaf.iswbio.uni-jena.de:/ is write-protected, mounting
read-only
mount: cannot mount block device olaf.iswbio.uni-jena.de:/ read-only
motion4:/# mount -t nfs4 olaf.iswbio.uni-jena.de:/ mnt/ -osec=krb5p
mount: block device olaf.iswbio.uni-jena.de:/ is write-protected, mounting
read-only
mount: cannot mount block device olaf.iswbio.uni-jena.de:/ read-only
motion4:/#
related log of kerberos on the server (some minutes before mount):
Jan 14 15:56:02 olaf krb5kdc[2717]: AS_REQ (7 etypes {18 17 16 23 1 3 2})
141.35.118.159: ISSUE: authtime 1231944962, etypes {rep=1 tkt=16 ses=16},
nfs/motion4.iswbio.uni-jena...@iswbio.uni-jena.de for
krbtgt/iswbio.uni-jena...@iswbio.uni-jena.de
Jan 14 15:56:02 olaf krb5kdc[2717]: TGS_REQ (1 etypes {1}) 141.35.118.159:
ISSUE: authtime 1231944962, etypes {rep=16 tkt=1 ses=1},
nfs/motion4.iswbio.uni-jena...@iswbio.uni-jena.de for
nfs/olaf.iswbio.uni-jena...@iswbio.uni-jena.de
So the kerberos server has issued a ticket for the nfs-server to the
client.
The nfs-server logs (after echo 16 > /proc/sys/sunrpc/nfsd_debug:
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 24
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 10
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #3: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #1: 22
Jan 14 16:11:28 olaf kernel: nfsv4 compound op #2: 9
for the successful mount without security and logs nothing for the
insuccesful mounts.
Olaf
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
