Due to a recent update on Javascript code a full page refresh on your browser might be needed.
Bug 1005231 - wrong ad machine name principal search in rpc.gssd
Summary: wrong ad machine name principal search in rpc.gssd
Keywords:
Status: CLOSED DUPLICATE of bug 1067423
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils
Version: 6.4
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-06 13:31 UTC by E. de Vries
Modified: 2014-06-09 13:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-28 17:16:03 UTC
Target Upstream Version:


Attachments (Terms of Use)
patch for short hostname (490 bytes, patch)
2013-09-06 13:31 UTC, E. de Vries
no flags Details | Diff
patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal (595 bytes, patch)
2013-12-06 16:20 UTC, David Mansfield
no flags Details | Diff

Description E. de Vries 2013-09-06 13:31:05 UTC
Created attachment 794739 [details]
patch for short hostname

Description of problem:

rpc.gssd is searching for a AD machine name principal with full qualified domain name in stead of the short name.

log with rpc.gssd -vvv (domain and realm name changed)

Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for KOVA-01.EXAMPLE.COM$@REALM while getting keytab entry for 'KOVA-01.EXAMPLE.COM$@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for root/kova-01.example.com@REALM while getting keytab entry for 'root/kova-01.example.com@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for nfs/kova-01.example.com@REALM while getting keytab entry for 'nfs/kova-01.example.com@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: Success getting keytab entry for 'host/kova-01.example.com@REALM'

The search for key table entry KOVA-01.EXAMPLE.COM$@REALM should be KOVA-01$@REALM to get a valid AD machine account name.

Version-Release number of selected component (if applicable):

nfs-utils-1.2.3-36

Additional info:

The code for the generation of the ad machine name principal is found in the 
nfs-utils-1.2.3-krb5-ad-style.patch in the nfs-utils-1.2.3-36.el6.src.rpm. A minor change in the patchfile solves this problem. You will find a patch for the patchfile as attachment.

The patch works fine in my case and generates the short machine name without domain.

Regards,
Erik de Vries

Comment 2 RHEL Program Management 2013-10-14 02:20:37 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 3 David Mansfield 2013-12-06 15:49:17 UTC
this bug also exists in latest nfs-utils (nfs-utils-1.2.8-6.0.fc19.x86_64) for fedora 19, in which the patched patch nfs-utils-1.2.3-krb5-ad-style-short-host.patch has already been integrated.  however the same basic change looks like it would work. should a separate bug be opened for Fedora?

Comment 4 David Mansfield 2013-12-06 16:20:05 UTC
Created attachment 833678 [details]
patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal

This attachment is the exact same change as the patch against the RHEL 6 version, but against the current fedora 19 nfs-utils version (nfs-utils-1.2.8-6.0).

I have tested that it "works" for retrieving the correct key from the local keytab in a standard winbind environment where HOST$@REALM.COM is present, but the value returned by "gethostname" is "host.domain.com".

I'm happy to open a separate bug against Fedora if desired.

Comment 5 Steve Dickson 2013-12-10 21:44:35 UTC
(In reply to David Mansfield from comment #4)
> Created attachment 833678 [details]
> patch nfs-utils 1.2.8 version to only use the short host name to create AD
> style principal
> 
> This attachment is the exact same change as the patch against the RHEL 6
> version, but against the current fedora 19 nfs-utils version
> (nfs-utils-1.2.8-6.0).
> 
> I have tested that it "works" for retrieving the correct key from the local
> keytab in a standard winbind environment where HOST$@REALM.COM is present,
> but the value returned by "gethostname" is "host.domain.com".
> 
> I'm happy to open a separate bug against Fedora if desired.
Would you be comfortable sending a patch to the NFS upstream community?

The HOWTO is here:
    https://www.kernel.org/doc/Documentation/SubmittingPatches

And the list address is:
 Linux NFS Mailing list <linux-nfs@vger.kernel.org>

I'll more than willing to help you through the process...

Comment 6 Steve Dickson 2014-04-28 17:16:03 UTC

*** This bug has been marked as a duplicate of bug 1067423 ***

Comment 7 David Mansfield 2014-06-09 13:11:43 UTC
I got a NEEDINFO tickler but I think bugzilla is confused. AFAICT this  issue is probably fixed upstream (see dup).


Note You need to log in before you can comment on or make changes to this bug.