[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#622146: nfs-kernel-server: error Encryption type not permitted

I upgraded krb5-user from the repository, backports, but the error remained the same:

ARCHIV ~ # dpkg -l | grep -i mit
ii  krb5-user                                 1.9.1+dfsg-3                 Basic programs to authenticate using MIT Ke
ii  libgssapi-krb5-2                          1.9.1+dfsg-3                 MIT Kerberos runtime libraries - krb5 GSS-A
ii  libgssrpc4                                1.8.3+dfsg-4squeeze2         MIT Kerberos runtime libraries - GSS enable
ii  libk5crypto3                              1.9.1+dfsg-3                 MIT Kerberos runtime libraries - Crypto Lib
ii  libkadm5clnt-mit7                         1.8.3+dfsg-4squeeze2         MIT Kerberos runtime libraries - Administra
ii  libkadm5clnt-mit8                         1.9.1+dfsg-3                 MIT Kerberos runtime libraries - Administra
rc  libkadm5srv-mit7                          1.8.3+dfsg-4squeeze2         MIT Kerberos runtime libraries - KDC and Ad
ii  libkadm5srv-mit8                          1.9.1+dfsg-3                 MIT Kerberos runtime libraries - KDC and Ad
rc  libkdb5-4                                 1.8.3+dfsg-4squeeze2         MIT Kerberos runtime libraries - Kerberos d
ii  libkdb5-5                                 1.9.1+dfsg-3                 MIT Kerberos runtime libraries - Kerberos d
ii  libkrb5-3                                 1.9.1+dfsg-3                 MIT Kerberos runtime libraries
ii  libkrb5support0                           1.9.1+dfsg-3                 MIT Kerberos runtime libraries - Support li
ARCHIV ~ # echo startingmount >> /var/log/daemon.log
ARCHIV ~ # mount -v -t nfs4 -o sec=krb5 archiv:/nfs /mnt
mount.nfs4: timeout set for Thu Nov 17 11:22:49 2011
mount.nfs4: trying text-based options 'sec=krb5,addr=10.0.0.6,clientaddr=10.0.0.6'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting archiv:/nfs
ARCHIV ~ # grep -A500 startingmount /var/log/daemon.log
startingmount
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd3618c data 0xbfd3620c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd3809c data 0xbfd3811c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6)
Nov 17 11:20:49 archiv rpc.gssd[846]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
Nov 17 11:20:49 archiv rpc.gssd[846]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6)
Nov 17 11:20:49 archiv rpc.gssd[846]: process_krb5_upcall: service is '<null>'
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.SAG.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.sag.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'ARCHIV$@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'root/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Success getting keytab entry for 'nfs/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds
Nov 17 11:20:49 archiv rpc.gssd[846]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context using fsuid 0 (save_uid 0)
Nov 17 11:20:49 archiv rpc.gssd[846]: creating tcp client for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: DEBUG: port already set to 2049
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context with server nfs@archiv.SAG.local
Nov 17 11:20:49 archiv rpc.svcgssd[13849]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure.  Minor code may provide more information) - No supported encryption types (config file error?)
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create krb5 context for user with uid 0 for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.SAG.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.sag.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'ARCHIV$@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'root/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Success getting keytab entry for 'nfs/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds
Nov 17 11:20:49 archiv rpc.gssd[846]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context using fsuid 0 (save_uid 0)
Nov 17 11:20:49 archiv rpc.gssd[846]: creating tcp client for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: DEBUG: port already set to 2049
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context with server nfs@archiv.SAG.local
Nov 17 11:20:49 archiv rpc.svcgssd[13849]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure.  Minor code may provide more information) - No supported encryption types (config file error?)
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create krb5 context for user with uid 0 for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with any credentials cache for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: doing error downcall
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt7
Nov 17 11:20:49 archiv rpc.gssd[846]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6
ARCHIV ~ #

May have someone else any advice?


--
Best Regards,
Mc.Sim.
http://www.k-max.name/
Reply to: