gss_s_bad_qop when mounting nfs

Podrigal, Aron aronp at guaranteedplus.com
Mon Jun 22 02:40:09 EDT 2015


Hi, I am a bit lost and tired on this issue I'm having. I was able to setup
kerberos with nfs on multiple servers all running Debian wheezy with kernel
version 3.2.0-4-amd64. But, one server (actually the one I want the nfs
exports to reside on) which is running a RHEL kernel 2.6.32-29-pve I'm
having problems mounting its exports.

It took me some time to figure out where the problem is happening, I've now
 tracked down where what the issue is.


Here is the log messages for rpc.svcgssd.


*svcgssd_limit_krb5_enctypes: Calling gss_set_allowable_enctypes with 7
enctypes from the kernel*
*WARNING: gss_accept_sec_context failed*
*ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context():
GSS_S_FAILURE (Unspecified GSS failure.  Minor code may provide more
information) - Invalid argument*
*sending null reply*
*writing message: \x
\x6082028406092a864886f71201020201006e8202733082026fa003020105a10302010ea20703050020000000a38201726182016e3082016aa003020105a10e1b0c4d4f4e474f5042582e4e4554a2263024a003020103a11d301b1b036e66731b146d666c2d7673312e6d6f6e676f7062782e6e6574a382012930820125a003020112a103020105a28201170482011390df922f6a3f13cc1d4e7b6009b5ce1e721f69a3c1614cd8a5658fedb56af849f10e1f7da68e38ee8b052d5071ce843f46e75c5201cc532ded197e6015741c83ae9fa5d4718b32b1138fc56961a708afd26132069329774d810c23ab12578619a88cd38f5daa04ffaa70ab47c3055f6728b21b6d8ea617df0610b4e78ae2238e96d95e72de9898c42d65f039a2e57090c3fb752b800a1fbd384996be02825a1658bac60343054ec5a235e2786e47b35b62c8abf7cabede9d3e25b759886d19ad9bc89a7491e21ea6100527f985eb893df8a1dcab197e27080a3613cd5c34f55f30eccf40d90e70450d83dbc1a374965d5eb24778e44d2a5f1efd5d796ce6869928c79125ef95cee2d9e92753597b4bf28947a9a481e33081e0a003020112a281d80481d598f3043ec9c62eef9a3d14936db04f9d02b646b81867f5daf70efde3280042e3ff525b514f6e90dede10e650c3f037f10d517687cd2881d46ec2d0d2f8930ec3fc1a0455d83a668a297d196572cc644787750e9f4bdf9b77d96510150618d7d9633f64614b12913d50cc52a75073d2327b015bbf44e97b81e32d31571d2cd636c170ae5d3e15b5d8b6c4c4c886e2482eb95b821f1b02c0fb6c1ab34f2a9ee19e19db568531da4eb4286526a374b07eb1915665aba93839206a7d82e0ef374da34e042424e1bd99fca55c2049df1a680f1c6fae3a3f
1434954497 851968 22 \x \x *
*finished handling null request*
*entering poll*






The error messages are not much descriptive, and for someone not very
familiar with all this it gives no clue what the problem is. So I modified
the source code to add some printf stmts to print the values for all
possibly returned macros, which is

gss_s_call_inaccessible_read = 16777216
gss_s_call_inaccessible_write = 33554432
gss_s_call_bad_structure     = 50331648
gss_s_bad_mech            = 65536
gss_s_bad_name            = 131072
gss_s_bad_nametype        = 196608
gss_s_bad_bindings        = 262144
gss_s_bad_status          = 327680
gss_s_bad_sig             = 393216
gss_s_no_cred             = 458752
gss_s_no_context          = 524288
gss_s_defective_token     = 589824
gss_s_defective_credential= 655360
gss_s_credentials_expired = 720896
gss_s_context_expired     = 786432
gss_s_failure             = 851968
gss_s_bad_qop             = 917504
gss_s_unauthorized        = 983040
gss_s_unavailable         = 1048576
gss_s_duplicate_element   = 1114112
gss_s_name_not_mn         = 1179648

and found that *gss_accept_sec_context* returned *GSS_S_BAD_QOP*.  So what
I am looking for help is what may cause this to happen on Linux 2.6.x? does
this make sense at all? or probably something else?


Thank You.



-- 
Aron Podrigal
-
//Be happy :-)


More information about the Kerberos mailing list