Bug#622146: nfs-kernel-server: error Encryption type not permitted

To: "Russ Allbery" <rra@debian.org>, 622146@bugs.debian.org, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net>
Cc: "Luk Claes" <luk@debian.org>, "mc-sim85@ya.ru" <mc-sim85@ya.ru>
Subject: Bug#622146: nfs-kernel-server: error Encryption type not permitted
From: "Kramarenko A. Maxim" <mc-sim85@ya.ru>
Date: Tue, 15 Nov 2011 00:17:49 +0400
Message-id: <[🔎] op.v4ydbzs0eaxn5m@odmen.sag.local>
Reply-to: "Kramarenko A. Maxim" <mc-sim85@ya.ru>, 622146@bugs.debian.org
In-reply-to: <[🔎] 4EC16680.2050201@fifthhorseman.net>
References: <[🔎] 20111114145704.4829.23854.reportbug@archiv.SAG.local> <[🔎] 4EC13589.6020106@debian.org> <[🔎] op.v4x4sleseaxn5m@odmen.sag.local> <[🔎] 87obwed0tj.fsf@windlord.stanford.edu> <[🔎] 4EC16680.2050201@fifthhorseman.net>

Daniel Kahn Gillmor <dkg@fifthhorseman.net> писал(а) в своём письме Mon,14 Nov 2011 23:05:36 +0400:

On 11/14/2011 01:19 PM, Russ Allbery wrote:


You'll need the kernel from squeeze-backports or later to get enctypes
other than des-cbc-crc.

I can attest that 2.6.39-3~bpo60+1 works with aes128-cts with SHA-1
HMAC, as long as you're using the nfs-kernel-server from bpo or later.
I haven't tried it against a win2k8 kdc, though.

	--dkg

Thank you for your reply.
Daniel,

I updated the kernel to:
ARCHIV ~ # uname -a

Linux ARCHIV 2.6.39-bpo.2-686-pae #1 SMP Thu Aug 4 11:02:22 UTC 2011 i686GNU/Linux


But the error appears again and unable to mount.
client:
==============

Nov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd458c data 0xbfcd460cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd458c data 0xbfcd460cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd458c data 0xbfcd460cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd458c data 0xbfcd460cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd458c data 0xbfcd460cNov 15 00:06:32 debian rpc.gssd[1730]: handling gssd upcall(/var/lib/nfs/rpc_pipefs/nfs/clnt1f)Nov 15 00:06:32 debian rpc.gssd[1730]: handle_gssd_upcall: 'mech=krb5uid=0 enctypes=18,17,16,23,3,1,2 'Nov 15 00:06:32 debian rpc.gssd[1730]: handling krb5 upcall(/var/lib/nfs/rpc_pipefs/nfs/clnt1f)Nov 15 00:06:32 debian rpc.gssd[1730]: process_krb5_upcall: service is'<null>'Nov 15 00:06:32 debian rpc.gssd[1730]: Full hostname for'archiv.sag.local' is 'archiv.sag.local'Nov 15 00:06:32 debian rpc.gssd[1730]: Full hostname for'debian.sag.local' is 'debian.sag.local'Nov 15 00:06:32 debian rpc.gssd[1730]: No key table entry found forDEBIAN$@SAG.LOCAL while getting keytab entry for 'DEBIAN$@SAG.LOCAL'Nov 15 00:06:32 debian rpc.gssd[1730]: No key table entry found forroot/debian.sag.local@SAG.LOCAL while getting keytab entry for'root/debian.sag.local@SAG.LOCAL'Nov 15 00:06:32 debian rpc.gssd[1730]: Success getting keytab entry for'nfs/debian.sag.local@SAG.LOCAL'Nov 15 00:06:32 debian rpc.gssd[1730]: INFO: Credentials in CC'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321318191Nov 15 00:06:32 debian rpc.gssd[1730]: INFO: Credentials in CC'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321318191Nov 15 00:06:32 debian rpc.gssd[1730]: usingFILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine credsNov 15 00:06:32 debian rpc.gssd[1730]: using environment variable toselect krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCALNov 15 00:06:32 debian rpc.gssd[1730]: creating context using fsuid 0(save_uid 0)Nov 15 00:06:32 debian rpc.gssd[1730]: creating tcp client for serverarchiv.sag.local

Nov 15 00:06:32 debian rpc.gssd[1730]: DEBUG: port already set to 2049

Nov 15 00:06:32 debian rpc.gssd[1730]: creating context with servernfs@archiv.sag.localNov 15 00:06:32 debian rpc.gssd[1730]: WARNING: Failed to create krb5context for user with uid 0 for server archiv.sag.localNov 15 00:06:32 debian rpc.gssd[1730]: WARNING: Failed to create machinekrb5 context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL forserver archiv.sag.localNov 15 00:06:32 debian rpc.gssd[1730]: WARNING: Machine cache isprematurely expired or corrupted trying to recreate cache for serverarchiv.sag.localNov 15 00:06:32 debian rpc.gssd[1730]: Full hostname for'archiv.sag.local' is 'archiv.sag.local'Nov 15 00:06:32 debian rpc.gssd[1730]: Full hostname for'debian.sag.local' is 'debian.sag.local'Nov 15 00:06:32 debian rpc.gssd[1730]: No key table entry found forDEBIAN$@SAG.LOCAL while getting keytab entry for 'DEBIAN$@SAG.LOCAL'Nov 15 00:06:32 debian rpc.gssd[1730]: No key table entry found forroot/debian.sag.local@SAG.LOCAL while getting keytab entry for'root/debian.sag.local@SAG.LOCAL'Nov 15 00:06:32 debian rpc.gssd[1730]: Success getting keytab entry for'nfs/debian.sag.local@SAG.LOCAL'Nov 15 00:06:32 debian rpc.gssd[1730]: INFO: Credentials in CC'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321318191Nov 15 00:06:32 debian rpc.gssd[1730]: INFO: Credentials in CC'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321318191Nov 15 00:06:32 debian rpc.gssd[1730]: usingFILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine credsNov 15 00:06:32 debian rpc.gssd[1730]: using environment variable toselect krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCALNov 15 00:06:32 debian rpc.gssd[1730]: creating context using fsuid 0(save_uid 0)Nov 15 00:06:32 debian rpc.gssd[1730]: creating tcp client for serverarchiv.sag.local

Nov 15 00:06:32 debian rpc.gssd[1730]: DEBUG: port already set to 2049

Nov 15 00:06:32 debian rpc.gssd[1730]: doing error downcall

Nov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd40bc data 0xbfcd413cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd40bc data 0xbfcd413cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd40bc data 0xbfcd413cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd40bc data 0xbfcd413cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd40bc data 0xbfcd413cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd40bc data 0xbfcd413cNov 15 00:06:32 debian rpc.gssd[1730]: dir_notify_handler: sig 37 si0xbfcd40bc data 0xbfcd413cNov 15 00:06:32 debian rpc.gssd[1730]: destroying client/var/lib/nfs/rpc_pipefs/nfs/clnt20Nov 15 00:06:32 debian rpc.gssd[1730]: destroying client/var/lib/nfs/rpc_pipefs/nfs/clnt1f

===============
... and server:
===============

Nov 15 00:06:34 archiv rpc.svcgssd[1097]: ERROR: GSS-API: error inhandle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSSfailure. Minor code may provide more information) - No supportedencryption types (config file error?)Nov 15 00:06:34 archiv rpc.svcgssd[1097]: ERROR: GSS-API: error inhandle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSSfailure. Minor code may provide more information) - No supportedencryption types (config file error?)



have any ideas?

--
Best Rgards

Reply to:

References:
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: "Mc.Sim" <mc-sim85@ya.ru>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: Luk Claes <luk@debian.org>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: "Kramarenko A. Maxim" <mc-sim85@ya.ru>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: Russ Allbery <rra@debian.org>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Prev by Date: Bug#647866: Network: Packages over hub via bnc not received
Next by Date: Bug#622146: nfs-kernel-server: error Encryption type not permitted
Previous by thread: Bug#622146: nfs-kernel-server: error Encryption type not permitted
Next by thread: Bug#648751: linux-image-3.0.0-1-rt-amd64: rcu_preempt_state while shutdown
Index(es):
- Date
- Thread