[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About how to protect network resources in LDAP environment?



Hi

Thank you all!

I am trying to setup testing kerberos /nfs4 server.

(1) is it production ready on Debian Lenny?
While trying to config/setup, it seems sometimes I got some kernel errors with 2.6.26-2-686 #1 SMP
    see the error log at the end.

(2) questions regarding: ktadd keytab

kadmin: addprinc -randkey nfs/myclient.mydomain
kadmin: ktadd nfs/myclient.mydomain

addprinc add some private-keys for services in kerberos db as I understands,
      why/where/which hosts do we need this keytab?
      what's relationship between the data in db and data in keytab?
      are the same private-key data?




/// error log
Aug 30 11:48:49 debian-lenny-clone1 kernel: [248050.911934] NFSD: starting 90-second grace period Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.948376] ------------[ cut here ]------------ Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.948985] kernel BUG at include/linux/module.h:386! Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.949280] invalid opcode: 0000 [#1] SMP Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.949553] Modules linked in: rpcsec_gss_krb5 nfs nfsd lockd nfs_acl auth_rpcgss sunrpc exportfs ipv6 loop snd_pcsp snd_pcm snd_timer serio_raw snd soundcore i2c_piix4 snd_page_alloc psmouse i2c_core evdev ext3 jbd mbcache ide_disk ide_cd_mod cdrom ide_pci_generic piix ide_core ata_generic uhci_hcd libata ne2k_pci usbcore floppy 8390 scsi_mod dock thermal processor fan thermal_sys [last unloaded: scsi_wait_scan]
Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170]
Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] Pid: 5001, comm: nfsd Not tainted (2.6.26-2-686 #1) Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] EIP: 0060:[<d0a4449f>] EFLAGS: 00000246 CPU: 0 Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] EIP is at svc_recv+0x38d/0x64a [sunrpc] Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] EAX: 00000000 EBX: d0a57d40 ECX: d0a57d40 EDX: 00000100 Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] ESI: cec2b000 EDI: c15bbf9c EBP: ccf3e000 ESP: c15bbf8c Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] Process nfsd (pid: 5001, ti=c15ba000 task=c3a3aae0 task.ti=c15ba000) Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] Stack: 000dbba0 cfa7c000 cfa642e0 cec09960 00000000 c3a3aae0 c011b73c 00100100 Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] 00200200 cf42a260 d0a76b0f 00000000 ccf3e000 d0a5d696 fffffeff ffffffff Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] fffffef8 ffffffff d0a5d5c0 00000000 00000000 00000000 c01044f7 ccf3e000
Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] Call Trace:
Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] [<c011b73c>] default_wake_function+0x0/0x8 Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] [<d0a5d696>] nfsd+0xd6/0x268 [nfsd] Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] [<d0a5d5c0>] nfsd+0x0/0x268 [nfsd] Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] [<c01044f7>] kernel_thread_helper+0x7/0x10 Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] ======================= Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] Code: 01 00 00 8b 44 24 04 8b 50 04 ff 52 04 85 c0 89 c6 0f 84 25 01 00 00 8b 00 8b 58 04 85 db 74 1f 89 d8 e8 b8 8a 6f ef 85 c0 75 04 <0f> 0b eb fe 64 a1 04 40 3b c0 c1 e0 05 ff 84 18 00 01 00 00 8b Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.952170] EIP: [<d0a4449f>] svc_recv+0x38d/0x64a [sunrpc] SS:ESP 0068:c15bbf8c Aug 30 11:49:49 debian-lenny-clone1 kernel: [248110.975160] ---[ end trace 18acc2f34cea2d1d ]---



Thanks.

--

Kind Regards

Min Wang


Reply to: