Re: error when mounting NFSv4 + Kerberos AD Win 2008 R2
Dmitry A. Zhiglov <dmitry.zhiglov@gmail.com> wrote in his message of Fri,
11 Nov 2011 17:10:42 +0400:
On 11 November 2011 at 15:15, Kramarenko A. Maksim
<maxim@kramarenko.pro> wrote:
Kerberos seems to work, but NFS refuses (((
I also think the problem is in gss.
Is the export like this?
/archiv-big gss/krb5(rw,sync,nohide,no_subtree_check,crossmnt)
Maybe it makes sense to try gss/krb5i?
And go through the tips in document [1]
--
[1] http://wiki.debian.org/NFS/Kerberos
Kerberos with Win2k8 started working correctly only on a downloaded
wheezy distribution.
I tried installing nfs-common and krb5-user with their dependencies from
the testing branch on squeeze, but rpc.gssd crashes hopelessly on mount.
The process itself stays around but no longer responds to anything, and on
a second mount attempt the mount command ends with a timeout.
This is what pours into the log during the mount:
===================================
Nov 13 01:43:25 nfs-client rpc.gssd[573]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt0)
Nov 13 01:43:25 nfs-client rpc.gssd[573]: handle_gssd_upcall: 'mech=krb5
uid=0 '
Nov 13 01:43:25 nfs-client rpc.gssd[573]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt0)
Nov 13 01:43:25 nfs-client rpc.gssd[573]: process_krb5_upcall: service is
'<null>'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Full hostname for
'debian.sag.local' is 'debian.sag.local'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Full hostname for
'nfs-client.sag.local' is 'nfs-client.sag.local'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Key table entry not found while
getting keytab entry for 'NFS-CLIENT$@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Key table entry not found while
getting keytab entry for 'root/nfs-client.sag.local@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Success getting keytab entry for
'nfs/nfs-client.sag.local@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Successfully obtained machine
credentials for principal 'nfs/nfs-client.sag.local@SAG.LOCAL' stored in
ccache 'FILE:/tmp/krb5cc_machine_SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321170228
Nov 13 01:43:25 nfs-client rpc.gssd[573]: using
FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds
Nov 13 01:43:25 nfs-client rpc.gssd[573]: using environment variable to
select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 13 01:43:25 nfs-client rpc.gssd[573]: creating context using fsuid 0
(save_uid 0)
Nov 13 01:43:25 nfs-client rpc.gssd[573]: creating tcp client for server
debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: DEBUG: port already set to 2049
Nov 13 01:43:25 nfs-client rpc.gssd[573]: creating context with server
nfs@debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: WARNING: Failed to create krb5
context for user with uid 0 for server debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: WARNING: Failed to create
machine krb5 context with credentials cache
FILE:/tmp/krb5cc_machine_SAG.LOCAL for server debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: WARNING: Machine cache is
prematurely expired or corrupted trying to recreate cache for server
debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Full hostname for
'debian.sag.local' is 'debian.sag.local'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Full hostname for
'nfs-client.sag.local' is 'nfs-client.sag.local'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Key table entry not found while
getting keytab entry for 'NFS-CLIENT$@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Key table entry not found while
getting keytab entry for 'root/nfs-client.sag.local@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Success getting keytab entry for
'nfs/nfs-client.sag.local@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321170228
Nov 13 01:43:25 nfs-client rpc.gssd[573]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321170228
Nov 13 01:43:25 nfs-client rpc.gssd[573]: using
FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds
Nov 13 01:43:25 nfs-client rpc.gssd[573]: using environment variable to
select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 13 01:43:25 nfs-client rpc.gssd[573]: creating context using fsuid 0
(save_uid 0)
Nov 13 01:43:25 nfs-client rpc.gssd[573]: creating tcp client for server
debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: DEBUG: port already set to 2049
Nov 13 01:43:25 nfs-client rpc.gssd[573]: creating context with server
nfs@debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: WARNING: Failed to create krb5
context for user with uid 0 for server debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: WARNING: Failed to create
machine krb5 context with credentials cache
FILE:/tmp/krb5cc_machine_SAG.LOCAL for server debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: WARNING: Failed to create
machine krb5 context with any credentials cache for server debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: doing error downcall
Nov 13 01:43:25 nfs-client rpc.gssd[573]: dir_notify_handler: sig 37 si
0xbf9d483c data 0xbf9d48bc
Nov 13 01:43:25 nfs-client rpc.gssd[573]: dir_notify_handler: sig 37 si
0xbf9d483c data 0xbf9d48bc
Nov 13 01:43:25 nfs-client rpc.gssd[573]: dir_notify_handler: sig 37 si
0xbf9d483c data 0xbf9d48bc
Nov 13 01:43:25 nfs-client rpc.gssd[573]: dir_notify_handler: sig 37 si
0xbf9d483c data 0xbf9d48bc
Nov 13 01:43:25 nfs-client rpc.gssd[573]: dir_notify_handler: sig 37 si
0xbf9d483c data 0xbf9d48bc
Nov 13 01:43:25 nfs-client rpc.gssd[573]: dir_notify_handler: sig 37 si
0xbf9d483c data 0xbf9d48bc
Nov 13 01:43:25 nfs-client rpc.gssd[573]: destroying client
/var/lib/nfs/rpc_pipefs/nfs/clnt0
===================================================
As you can see, Kerberos seems to do its part, but the mount as such
does not happen :(
--
Best regards,
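Added example, not part of the original message: a small triage script that rejoins mail-wrapped rpc.gssd debug lines like the ones in the log above and reports how far the machine-credential sequence got (keytab lookup, credentials cache, GSS context setup). The function names `unwrap` and `triage` and the result keys are assumptions made for this example; the sample input is constructed in the shape of the quoted log.

```python
import re
from datetime import datetime, timezone

# Constructed sample: rpc.gssd lines in the shape of the log quoted above,
# including the mail-style wrapping of long syslog lines.
SAMPLE = """\
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Key table entry not found while
getting keytab entry for 'NFS-CLIENT$@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: Success getting keytab entry for
'nfs/nfs-client.sag.local@SAG.LOCAL'
Nov 13 01:43:25 nfs-client rpc.gssd[573]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321170228
Nov 13 01:43:25 nfs-client rpc.gssd[573]: creating context with server
nfs@debian.sag.local
Nov 13 01:43:25 nfs-client rpc.gssd[573]: WARNING: Failed to create
machine krb5 context with any credentials cache for server debian.sag.local
"""

HEAD = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ rpc\.gssd\[\d+\]: (.*)$")

def unwrap(text):
    """Rejoin wrapped lines: a line without a syslog header continues the previous one."""
    msgs = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            msgs.append(m.group(1))
        elif msgs and line.strip():
            msgs[-1] += " " + line.strip()
    return msgs

def triage(text):
    """Summarise which steps succeeded before the upcall ended."""
    r = {"keytab_missing": [], "keytab_used": None, "ccache_valid_until": None,
         "target": None, "context_failed": False, "stage": "no failure seen"}
    for msg in unwrap(text):
        if m := re.search(r"Key table entry not found.*for '([^']+)'", msg):
            r["keytab_missing"].append(m.group(1))
        elif m := re.search(r"Success getting keytab entry for '([^']+)'", msg):
            r["keytab_used"] = m.group(1)
        elif m := re.search(r"are good until (\d+)", msg):
            ts = datetime.fromtimestamp(int(m.group(1)), timezone.utc)
            r["ccache_valid_until"] = ts.isoformat()
        elif m := re.search(r"creating context with server (\S+)", msg):
            r["target"] = m.group(1)
        elif "Failed to create" in msg and "krb5 context" in msg:
            r["context_failed"] = True
    r["keytab_missing"] = list(dict.fromkeys(r["keytab_missing"]))  # de-duplicate retries
    if r["context_failed"] and r["ccache_valid_until"]:
        r["stage"] = "machine credentials obtained; GSS context setup failed"
    return r
```

On this input the summary separates the two halves of the exchange: the keytab entry and the machine credentials cache are in place, and the failure is reported only when the context with the server's `nfs@` service is created.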