Hi, On Mon, Sep 2, 2019 at 6:04 PM Tobi Berninger via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > > Hello, > > sadly we had a power shortage (a transformer exploded in the building next to > us....) and all server shutted down immediately - i started them again. > now we have some strange errors: > > First only two clients werent able to access their nfs home - two days latter > all clients cant access them... > > I first check the date but it is synced all over the system and not the > problem. > then i discovered an error in the logs that the callback ip wasnt right, > fixed that too... > still cant get access to the nfs server - only the one share that is > accessiable for all users is mounted. > Keytabes was renewed on NFSserver as on the clients. the krb5 logs dont show > any real clue...
Please first enable gssproxy debugging (man gssproxy.conf) if you are using CentOS7. It will tell you which key version/number it is trying to use. Maybe renewing the keytabs confused the clients about which key to use. If in the above logs you see key version mismatches between the keytabs and what gssproxy tries to use, you can remove the gssproxy cache from clients: rm -rf /var/lib/gssproxy/clients/krb5cc_* (and reboot if you can, or restart nfs units). Please let us know if this helped. Regards, François > I use virtualized Centos Based Server (Up to Date): > IpaServer > NFSServer > BackupNFSServer > > Any ideas? > Thanks > > > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
