Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)

To: debian-user@lists.debian.org
Subject: Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
From: Arno Schuring <aelschuring@hotmail.com>
Date: Wed, 16 Nov 2011 20:34:50 +0100
Message-id: <[🔎] 20111116203450.5f5567f7@neminis.intra.loos.site>
In-reply-to: <[🔎] op.v4y3v8kor9kh6q@odmen.sag.local>
References: <[🔎] op.v4xh2ymnr9kh6q@odmen.sag.local> <[🔎] 20111115003054.74f62bd0@neminis.intra.loos.site> <[🔎] op.v4y3v8kor9kh6q@odmen.sag.local>

Kramarenko A. Maksim (Mc.Sim@k-max.name on 2011-11-15 09:51 +0400):
> Arno Schuring <aelschuring@hotmail.com> писал(а) в своём письме Tue,
> 15 Nov 2011 03:30:54 +0400:
> 
> > Kramarenko A. Maksim (Mc.Sim@k-max.name on 2011-11-14 13:02 +0400):
> >> Hello, All!
> >> Tired of "fighting" with Kreberos.
> >> The second week I can not properly configure the server  NFSv4 and
> >> domain on Win 2k8 R2 via kerberos. Kinit command, etc. work
> >> properly and get tickets from the KDC:
> >
> >> =============================
> >> ...daemon.log.....
> >> Nov 8 13:50:10 archiv rpc.gssd[2067]: WARNING: KDC has no support
> >> for encryption type while getting initial ticket for principal
> >> 'nfs/archiv.sag.local@SAG.LOCAL' using keytab
> >
> > If this is the cause, and it seems to be, then your kernel is
> > simply too old. The default kernel in Squeeze only support des-cbc
> > encryption for NFS, and that is deprecated. On Linux systems the
> > workaround is to specify allow_weak_crypto in krb5.conf, but I'm
> > not aware of a workaround for Windows.
> >
> > Maybe try a newer kernel, e.g. from backports?
> >
> >
> > Regards,
> > Arno
> >
> >
> Thanks for the answer.
> Arno,
> I upgraded from backports kernel and NFS (nfs-common and
> nfs-kernel-server), but now I have the following error when mounting:
> ARCHIV ~ # uname -a
> Linux ARCHIV 2.6.39-bpo.2-686-pae #1 SMP Thu Aug 4 11:02:22 UTC
> 2011 i686 GNU/Linux
> client:
> ==============
[..]
> Nov 15 00:06:32 debian rpc.gssd[1730]: Success getting keytab entry
> for 'nfs/debian.sag.local@SAG.LOCAL'

Seems good...

> =============== ... and server: =============== 
> Nov 15 00:06:34 archiv rpc.svcgssd[1097]: ERROR: GSS-API: error in
> handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified
> GSS failure. Minor code may provide more information) - No supported
> encryption types (config file error?)
> Nov 15 00:06:34 archiv rpc.svcgssd[1097]: ERROR: GSS-API: error in
> handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified
> GSS failure. Minor code may provide more information) - No supported
> encryption types (config file error?)

The server does not seem to accept the encryption type, or the KDC
(Windows) is rejecting the negotiation. Does the client keytab contain
multiple encryption types (klist -k -e)?

Can the server mount itself? Try mounting the exported directories on
the server to see if that works.

You might get more response on linux-nfs@vger.kernel.org


Regards,
Arno

Reply to:

Follow-Ups:
- Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
  - From: "Kramarenko A. Maksim " <Mc.Sim@k-max.name>

References:
- error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
  - From: "Kramarenko A. Maksim " <Mc.Sim@k-max.name>
- Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
  - From: Arno Schuring <aelschuring@hotmail.com>
- Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
  - From: "Kramarenko A. Maksim " <Mc.Sim@k-max.name>

Prev by Date: Re: Gnome workspace manager has disappeared -- Help!
Next by Date: Re: KVM networking.
Previous by thread: Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
Next by thread: Re: error when configuring the Kerberos NFSv4 on Debian 6.0.3 (in testing no error)
Index(es):
- Date
- Thread