Bug 218992 - Unable to access NFS4/KRB5
Summary: Unable to access NFS4/KRB5
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nfs-utils   
(Show other bugs)
Version: 5.0
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Steve Dickson
QA Contact: Ben Levenson
Depends On: 218720
TreeView+ depends on / blocked
Reported: 2006-12-08 22:25 UTC by Matthew Booth
Modified: 2010-09-20 11:04 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-09-20 11:04:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Matthew Booth 2006-12-08 22:25:29 UTC
+++ This bug was initially created as a clone of Bug #218720 +++

Verified the bug on RHEL 5 Beta 2.

Description of problem:
I have a working kerberized NFS4 setup. Server is RHEL 4 with updated packages:

Exports are:

I regularly access this from another RHEL 4 box with similarly updated packages.
I'm trying to access it from FC6.

I mount the fs with:
mount -t nfs4 -o sec=krb5,fstype=nfs4,hard,intr gideon.revolutionwall.net:/ /mnt/
This succeeds. As a regular user, I kinit and try to access the mount:
[mbooth@mbooth ~]$ ls -l /mnt 
ls: /mnt/photos: No such file or directory
ls: /mnt/video: No such file or directory
total 16
drwxrwsr-x 157 root vol 8192 Nov 30 19:41 photos
drwxrws---   7 root vol 4096 Oct 23 22:22 video

I see the following in /var/log/messages:
net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed t
o find path /nfs/clnt11/krb5

If I run rpc.gssd on the client manually with -f -vvvvvvvrrrrrrrrr, on mount I
also see the error message:
Warning: rpc.gssd appears not to be running.

If I start rpcgssd with service rpcgssd start, I do not see this message.
Nevertheless, in both cases it is most certainly running.

SELinux is completely disabled.

Version-Release number of selected component (if applicable):

Comment 1 Matthew Booth 2006-12-14 13:33:19 UTC
José Plans did some debugging on this. I did the following:

echo 65535 > /proc/sys/sunrpc/nfs_debug
echo 32767 > /proc/sys/sunrpc/rpc_debug

and tried to access the mount again. There was a great deal of output, but José
mentioned the following as being particularly significant:

Dec 14 10:41:24 mbooth kernel: RPC:      creating GSS authenticator for client
Dec 14 10:41:24 mbooth kernel: net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed
to find path /nfs/clnt4/krb5
Dec 14 10:41:24 mbooth kernel: nfs_init_server_rpcclient: couldn't create credcache!

Comment 2 Steve Dickson 2006-12-21 15:34:19 UTC
There is a know problem with the RHEL4 svcgssd daemon... please 
try RHEL5 to RHEL5... something I was able to get working... 

Comment 3 Matthew Booth 2006-12-23 00:48:24 UTC
Note that although the server is mostly RHEL 4, I upgraded everything nfs and
kerberos related to get this working. nfs-utils on the server is
nfs-utils-1.0.9-5. On my RHEL 5 laptop it's nfs-utils-1.0.9-10. Also note that
this is a working configuration. I access this server regularly.

José Plans suggested this might be related to available ciphers in the kernel.
Is that a possibility?

Unfortunately I don't have spare hardware to test a RHEL5 server.

Comment 4 Steve Dickson 2006-12-23 01:12:55 UTC
yes... the only cipher that is supported is DES... so can I close this bug?

Comment 5 Matthew Booth 2006-12-23 17:38:10 UTC
Not really, as this would be a regression. I'm still using a standard RHEL 4 kernel.

Comment 6 Steve Dickson 2007-01-05 01:59:10 UTC
This should be fixed in nfs-utils-1.0.6-76

Comment 7 Matthew Booth 2007-01-08 23:28:00 UTC

nfs-utils on the RHEL 4 server is nfs-utils-1.0.9-5. nfs-utils on the RHEL 5
client is nfs-utils-1.0.9-10.el5.i386. These are both higher than

Is it nfs-utils or the kernel which doesn't support the required ciphers?

Comment 8 Steve Dickson 2007-01-09 14:25:04 UTC
oops... Please disreguard Comment #7 since nfs-utils-1.0.6-76 is the rhel4
which does fix a problem with secure mounts...

> nfs-utils on the RHEL 4 server is nfs-utils-1.0.9-5....
no... that more of a early RHEL5 or FC-6 version...

Note, using nfs-utils-1.0.6-76 on the RHEL4 and nfs-utils-1.0.9-16.el5
on the RHEL5 side, I was able to get secure mounts working...

Comment 9 Steve Dickson 2010-09-20 11:04:35 UTC
I'm going close this since I am able to get secure mounts working
in the latest RHEL5 update.

Note You need to log in before you can comment on or make changes to this bug.