On 28/08/11 04:28, Bastian Blank wrote:
Hi Bastian.On Sun, Aug 28, 2011 at 04:19:48AM +1000, Jiri Kanicky wrote:ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?)The error is different from the first one. Did you configure both the server and client with this encryption type? Bastian Let me summarize all the setting and logs for each server and client: KRB5/LDAP/NFS4 SERVER (maverick) ======================== maverick:/home/ganomi/# cat /etc/krb5kdc/kdc.conf [kdcdefaults] kdc_ports = 750,88 [realms] FIRM.LOCAL = { database_name = /var/lib/krb5kdc/principal admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab acl_file = /etc/krb5kdc/kadm5.acl key_stash_file = /etc/krb5kdc/stash kdc_ports = 750,88 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s master_key_type = des3-hmac-sha1 supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3 aes256-cts:normal aes128-cts:normal des3-cbc-sha16:normal default_principal_flags = +preauth } maverick:/home/ganomi/# klist -ke /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 5 nfs/maverick.firm.local@FIRM.LOCAL (des3-cbc-sha1) 5 nfs/maverick.firm.local@FIRM.LOCAL (des-cbc-crc) 6 nfs/maverick.firm.local@FIRM.LOCAL (aes256-cts-hmac-sha1-96) maverick:/home/ganomi/# rpc.svcgssd -fvvv entering poll leaving poll handling null request WARNING: gss_accept_sec_context failed ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) sending null reply writing message: \x \x608202c706092a86... ...1314468539 851968 2529639149 \x \x finished handling null request CLIENT (knightrider) ============== root@knightrider:/home/ganomi# klist -ke /etc/krb5.keytab Keytab name: WRFILE:/etc/krb5.keytab KVNO Principal ---- -------------------------------------------------------------------------- 7 nfs/knightrider.firm.local@FIRM.LOCAL (aes256-cts-hmac-sha1-96) root@knightrider:/home/ganomi# rpc.gssd -fvvv ir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 dir_notify_handler: sig 37 si 0x7fff26022470 data 0x7fff26022340 dir_notify_handler: sig 37 si 0x7fff26022470 data 0x7fff26022340 handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt17) handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt17) process_krb5_upcall: service is '<null>' Full hostname for 'maverick.firm.local' is 'maverick.firm.local' Full hostname for 'knightrider.firm.local' is 'knightrider.firm.local' No key table entry found for KNIGHTRIDER$@FIRM.LOCAL while getting keytab entry for 'KNIGHTRIDER$@FIRM.LOCAL' No key table entry found for root/knightrider.firm.local@FIRM.LOCAL while getting keytab entry for 'root/knightrider.firm.local@FIRM.LOCAL' Success getting keytab entry for 'nfs/knightrider.firm.local@FIRM.LOCAL' Successfully obtained machine credentials for principal 'nfs/knightrider.firm.local@FIRM.LOCAL' stored in ccache 'FILE:/tmp/krb5cc_machine_FIRM.LOCAL' INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_FIRM.LOCAL' are good until 1314506238 using FILE:/tmp/krb5cc_machine_FIRM.LOCAL as credentials cache for machine creds using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_FIRM.LOCAL creating context using fsuid 0 (save_uid 0) creating tcp client for server maverick.firm.local DEBUG: port already set to 2049 creating context with server nfs@maverick.firm.local WARNING: Failed to create krb5 context for user with uid 0 for server maverick.firm.local WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_FIRM.LOCAL for server maverick.firm.local WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server maverick.firm.local Full hostname for 'maverick.firm.local' is 'maverick.firm.local' Full hostname for 'knightrider.firm.local' is 'knightrider.firm.local' No key table entry found for KNIGHTRIDER$@FIRM.LOCAL while getting keytab entry for 'KNIGHTRIDER$@FIRM.LOCAL' No key table entry found for root/knightrider.firm.local@FIRM.LOCAL while getting keytab entry for 'root/knightrider.firm.local@FIRM.LOCAL' Success getting keytab entry for 'nfs/knightrider.firm.local@FIRM.LOCAL' INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_FIRM.LOCAL' are good until 1314506238 INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_FIRM.LOCAL' are good until 1314506238 using FILE:/tmp/krb5cc_machine_FIRM.LOCAL as credentials cache for machine creds using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_FIRM.LOCAL creating context using fsuid 0 (save_uid 0) creating tcp client for server maverick.firm.local DEBUG: port already set to 2049 creating context with server nfs@maverick.firm.local WARNING: Failed to create krb5 context for user with uid 0 for server maverick.firm.local WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_FIRM.LOCAL for server maverick.firm.local WARNING: Failed to create machine krb5 context with any credentials cache for server maverick.firm.local doing error downcall dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00 destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt18 destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt17 |