RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1005231 - wrong ad machine name principal search in rpc.gssd
Summary: wrong ad machine name principal search in rpc.gssd
Keywords:
Status: CLOSED DUPLICATE of bug 1067423
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nfs-utils
Version: 6.4
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Steve Dickson
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-09-06 13:31 UTC by E. de Vries
Modified: 2014-06-09 13:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-04-28 17:16:03 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch for short hostname (490 bytes, patch)
2013-09-06 13:31 UTC, E. de Vries 		no flags Details | Diff
patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal (595 bytes, patch)
2013-12-06 16:20 UTC, David Mansfield 		no flags Details | Diff
View All

Description E. de Vries 2013-09-06 13:31:05 UTC 
Created attachment 794739 [details]
patch for short hostname

Description of problem:

rpc.gssd is searching for a AD machine name principal with full qualified domain name in stead of the short name.

log with rpc.gssd -vvv (domain and realm name changed)

Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for KOVA-01.EXAMPLE.COM$@REALM while getting keytab entry for 'KOVA-01.EXAMPLE.COM$@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for root/kova-01.example.com@REALM while getting keytab entry for 'root/kova-01.example.com@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: No key table entry found for nfs/kova-01.example.com@REALM while getting keytab entry for 'nfs/kova-01.example.com@REALM'
Sep  6 10:51:03 kova-01 rpc.gssd[1734]: Success getting keytab entry for 'host/kova-01.example.com@REALM'

The search for key table entry KOVA-01.EXAMPLE.COM$@REALM should be KOVA-01$@REALM to get a valid AD machine account name.

Version-Release number of selected component (if applicable):

nfs-utils-1.2.3-36

Additional info:

The code for the generation of the ad machine name principal is found in the 
nfs-utils-1.2.3-krb5-ad-style.patch in the nfs-utils-1.2.3-36.el6.src.rpm. A minor change in the patchfile solves this problem. You will find a patch for the patchfile as attachment.

The patch works fine in my case and generates the short machine name without domain.

Regards,
Erik de Vries
Comment 2 RHEL Program Management 2013-10-14 02:20:37 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 3 David Mansfield 2013-12-06 15:49:17 UTC 
this bug also exists in latest nfs-utils (nfs-utils-1.2.8-6.0.fc19.x86_64) for fedora 19, in which the patched patch nfs-utils-1.2.3-krb5-ad-style-short-host.patch has already been integrated.  however the same basic change looks like it would work. should a separate bug be opened for Fedora?
Comment 4 David Mansfield 2013-12-06 16:20:05 UTC 
Created attachment 833678 [details]
patch nfs-utils 1.2.8 version to only use the short host name to create AD style principal

This attachment is the exact same change as the patch against the RHEL 6 version, but against the current fedora 19 nfs-utils version (nfs-utils-1.2.8-6.0).

I have tested that it "works" for retrieving the correct key from the local keytab in a standard winbind environment where HOST$@REALM.COM is present, but the value returned by "gethostname" is "host.domain.com".

I'm happy to open a separate bug against Fedora if desired.
Comment 5 Steve Dickson 2013-12-10 21:44:35 UTC 
(In reply to David Mansfield from comment #4)
> Created attachment 833678 [details]
> patch nfs-utils 1.2.8 version to only use the short host name to create AD
> style principal
> 
> This attachment is the exact same change as the patch against the RHEL 6
> version, but against the current fedora 19 nfs-utils version
> (nfs-utils-1.2.8-6.0).
> 
> I have tested that it "works" for retrieving the correct key from the local
> keytab in a standard winbind environment where HOST$@REALM.COM is present,
> but the value returned by "gethostname" is "host.domain.com".
> 
> I'm happy to open a separate bug against Fedora if desired.
Would you be comfortable sending a patch to the NFS upstream community?

The HOWTO is here:
    https://www.kernel.org/doc/Documentation/SubmittingPatches

And the list address is:
 Linux NFS Mailing list <linux-nfs.org>

I'll more than willing to help you through the process...
Comment 6 Steve Dickson 2014-04-28 17:16:03 UTC 

*** This bug has been marked as a duplicate of bug 1067423 ***
Comment 7 David Mansfield 2014-06-09 13:11:43 UTC 
I got a NEEDINFO tickler but I think bugzilla is confused. AFAICT this  issue is probably fixed upstream (see dup).
Note You need to log in before you can comment on or make changes to this bug.