NFS - Kerberos - Ubuntu

Sascha mlist at xtc4nrg.com
Sun May 15 13:15:54 EDT 2011 

Hi,
I am using Ubuntu 11.04 with threes KVM and three virtual servers in it. One
forDNS/DHCP (probably not relevant for this topic), one with kerberos and ldap
named authenticate) and one with NFS (named file). And a client, also running
Ubuntu 11.04, named blacklin.

Ldap and Kerberos are probably working as intended, as I can login to the
client with the credentials specified in LDAP and kerberos.
However, when I am trying to mount the NFS shares on the client I get an error
message:
mount.nfs4: access denied by server while mounting file:/

Disabling the kerberos authentication in export the shares can be mounted
successfully. So I am assuming that it is an issue between NFS and Kerberos.

Saying that, I have made some trouble shooting.
Running rpc.svcgssd -f -vvvv on the NFS server while doing a mount on the
client is showing the following:

entering poll
leaving poll
handling null request
sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now), clnt:
nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
: qword_eol: fflush failed: errno 95 (Operation not supported)
WARNING: error writing to downcall channel
/proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
sending null reply
writing message: \x \x6080... DELETED ALL THE HEX FOR BETTER READBILITY ... 772
finished handling null request
entering poll
leaving poll
handling null request
sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now),clnt:
nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
: qword_eol: fflush failed: errno 95 (Operation not supported)
WARNING: error writing to downcall channel
/proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
sending null reply
writing message: \x \x602... DELETED ALL THE HEX FOR BETTER READBILITY ... 012
finished handling null request
entering poll
leaving poll
handling null request
sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt:
nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
: qword_eol: fflush failed: errno 95 (Operation not supported)
WARNING: error writing to downcall channel
/proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
sending null reply
writing message: \x \x6082021b... DELETED ALL THE HEX FOR BETTER READBILITY ...
9eab8 
finished handling null request
entering poll
leaving poll
handling null request
sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt:
nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
: qword_eol: fflush failed: errno 95 (Operation not supported)
WARNING: error writing to downcall channel
/proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
sending null reply
writing message: \x \x6082021... DELETED ALL THE HEX FOR BETTER READBILITY ...
85987 
finished handling null request

=========================================

Looking at the error message:
qword_eol: fflush failed: errno 95 (Operation not supported)
WARNING: error writing to downcall channel
/proc/net/rpc/auth.rpcsec.context/channel: Operation not supported

I have googled around and found that a similar error was discussed in this
mailing list, but unfortunately it did not solve my issue.

Please let me know if you need to know some specific settings or if you want me
to check any settings.

Any hint in troubleshooting this issue is highly appreciated.

Thanks,
Sascha

More information about the Kerberos mailing list