NFS - Kerberos - Ubuntu

Kevin Coffman kwc at umich.edu
Mon May 16 17:11:28 EDT 2011 

I'm sure this is better asked on an NFS or Linux list, rather than Kerberos.

Check to see if all the required kernel modules are loaded.
(rpcsec_gss_krb5 in particular)

K.C.


On Sun, May 15, 2011 at 1:15 PM, Sascha <mlist at xtc4nrg.com> wrote:
> Hi,
> I am using Ubuntu 11.04 with threes KVM and three virtual servers in it. One
> forDNS/DHCP (probably not relevant for this topic), one with kerberos and ldap
> named authenticate) and one with NFS (named file). And a client, also running
> Ubuntu 11.04, named blacklin.
>
> Ldap and Kerberos are probably working as intended, as I can login to the
> client with the credentials specified in LDAP and kerberos.
> However, when I am trying to mount the NFS shares on the client I get an error
> message:
> mount.nfs4: access denied by server while mounting file:/
>
> Disabling the kerberos authentication in export the shares can be mounted
> successfully. So I am assuming that it is an issue between NFS and Kerberos.
>
> Saying that, I have made some trouble shooting.
> Running rpc.svcgssd -f -vvvv on the NFS server while doing a mount on the
> client is showing the following:
>
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now), clnt:
> nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x6080... DELETED ALL THE HEX FOR BETTER READBILITY ... 772
> finished handling null request
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now),clnt:
> nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x602... DELETED ALL THE HEX FOR BETTER READBILITY ... 012
> finished handling null request
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt:
> nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x6082021b... DELETED ALL THE HEX FOR BETTER READBILITY ...
> 9eab8
> finished handling null request
> entering poll
> leaving poll
> handling null request
> sname = nfs/blacklin.xtc4nrg.com at XTC4NRG.COM
> DEBUG: serialize_krb5_ctx: lucid version!
> prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
> doing downcall
> mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt:
> nfs at blacklin.xtc4nrg.com, uid: -1, gid: -1, num aux grps: 0:
> : qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
> sending null reply
> writing message: \x \x6082021... DELETED ALL THE HEX FOR BETTER READBILITY ...
> 85987
> finished handling null request
>
> =========================================
>
> Looking at the error message:
> qword_eol: fflush failed: errno 95 (Operation not supported)
> WARNING: error writing to downcall channel
> /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported
>
> I have googled around and found that a similar error was discussed in this
> mailing list, but unfortunately it did not solve my issue.
>
> Please let me know if you need to know some specific settings or if you want me
> to check any settings.
>
> Any hint in troubleshooting this issue is highly appreciated.
>
> Thanks,
> Sascha
>
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>

More information about the Kerberos mailing list