Bug#884871: nfs-kernel-server: svcgssd starts anyways when "disabled" in /etc/default/nfs-kernel-server
Package: nfs-kernel-server
Version: 1:1.3.4-2.1
Severity: important
Dear Maintainer,
First of all, thank you for all you do to support Debian!!!!!!!!
Heres my /etc/default/nfs-kernel-server config file, it clearly "disables svcgssd" :
root@filer:/etc/default# vi nfs-kernel-server
# Number of servers to start up
RPCNFSDCOUNT=8
# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0
# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
#RPCMOUNTDOPTS="--manage-gids"
### TO DEBUG USE:
RPCMOUNTDOPTS="--manage-gids --debug all"
# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=no
# Options for rpc.svcgssd.
#RPCSVCGSSDOPTS=""
RPCNFSDCOUNT="64 --no-nfs-version 3 --no-nfs-version 4"
~
~
~
But if I restart the nfs-server process, it errors out like this:
root@filer:/etc/default#
root@filer:/etc/default# service nfs-server restart
Job for nfs-server.service failed because the control process exited with error code.
See "systemctl status nfs-server.service" and "journalctl -xe" for details.
root@filer:/etc/default# journalctl -xe
Dec 20 11:38:03 filer systemd[1]: Starting NFSv4 ID-name mapping service...
-- Subject: Unit nfs-idmapd.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit nfs-idmapd.service has begun starting up.
Dec 20 11:38:03 filer systemd[1]: Starting RPC security service for NFS server...
-- Subject: Unit rpc-svcgssd.service has begun start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit rpc-svcgssd.service has begun starting up.
Dec 20 11:38:03 filer systemd[1]: Started NFSv4 ID-name mapping service.
-- Subject: Unit nfs-idmapd.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit nfs-idmapd.service has finished starting up.
--
-- The start-up result is done.
Dec 20 11:38:03 filer rpc.svcgssd[10651]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code
Dec 20 11:38:03 filer rpc.svcgssd[10651]: unable to obtain root (machine) credentials
Dec 20 11:38:03 filer rpc.svcgssd[10651]: do you have a keytab entry for nfs/<your.host>@<YOUR.REALM> in /etc/krb5.keytab?
Dec 20 11:38:03 filer systemd[1]: rpc-svcgssd.service: Control process exited, code=exited status=1
Dec 20 11:38:03 filer systemd[1]: Failed to start RPC security service for NFS server.
-- Subject: Unit rpc-svcgssd.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit rpc-svcgssd.service has failed.
--
-- The result is failed.
Dec 20 11:38:03 filer systemd[1]: rpc-svcgssd.service: Unit entered failed state.
Dec 20 11:38:03 filer systemd[1]: rpc-svcgssd.service: Failed with result 'exit-code'.
Dec 20 11:38:03 filer rpc.mountd[10654]: Version 1.3.3 starting
Dec 20 11:38:03 filer systemd[1]: Started NFS Mount Daemon.
-- Subject: Unit nfs-mountd.service has finished start-up
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- Unit nfs-mountd.service has finished starting up.
I am trying to use nfs 4.1 (not 4) with no kerberos, but cant figure out how to start it up.
If I take out the " --no-nfs-version 4" then nfs-server starts up ok, but I have version 4 enabled where I only want version 4.1 and higher working:
root@filer:~# cat /proc/fs/nfsd/versions
-2 -3 +4 +4.1 +4.2
root@filer:~#
-- Package-specific info:
-- rpcinfo --
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100003 3 tcp 2049 nfs
100227 3 tcp 2049
100003 3 udp 2049 nfs
100227 3 udp 2049
100024 1 udp 51907 status
100024 1 tcp 59263 status
100003 4 tcp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 38357 nlockmgr
100021 3 udp 38357 nlockmgr
100021 4 udp 38357 nlockmgr
100021 1 tcp 36441 nlockmgr
100021 3 tcp 36441 nlockmgr
100021 4 tcp 36441 nlockmgr
-- /etc/default/nfs-kernel-server --
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS="--manage-gids --debug all"
NEED_SVCGSSD=no
RPCNFSDCOUNT="64 --no-nfs-version 3 --no-nfs-version 4"
-- /etc/exports --
-- System Information:
Debian Release: 9.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages nfs-kernel-server depends on:
ii init-system-helpers 1.48
ii keyutils 1.5.9-9
ii libblkid1 2.29.2-1
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
ii libsqlite3-0 3.16.2-5+deb9u1
ii libtirpc1 0.2.5-1.2
ii libwrap0 7.6.q-26
ii lsb-base 9.20161125
ii netbase 5.4
ii nfs-common 1:1.3.4-2.1
ii ucf 3.0036
nfs-kernel-server recommends no packages.
nfs-kernel-server suggests no packages.
-- no debconf information
Reply to: