Red Hat Bugzilla – Bug 218992
Unable to access NFS4/KRB5
Last modified: 2010-09-20 07:04:35 EDT
+++ This bug was initially created as a clone of Bug #218720 +++ Verified the bug on RHEL 5 Beta 2. Description of problem: I have a working kerberized NFS4 setup. Server is RHEL 4 with updated packages: krb5-libs-1.5-3 nfs-utils-lib-1.0.8-7.2 nfs-utils-1.0.9-5 Exports are: /var/lib/nfs4 gss/krb5(rw,fsid=0,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534) /var/lib/nfs4/video gss/krb5(ro,nohide,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534) /var/lib/nfs4/photos gss/krb5(rw,nohide,insecure,no_subtree_check,sync,anonuid=65534,anongid=65534) I regularly access this from another RHEL 4 box with similarly updated packages. I'm trying to access it from FC6. I mount the fs with: mount -t nfs4 -o sec=krb5,fstype=nfs4,hard,intr gideon.revolutionwall.net:/ /mnt/ This succeeds. As a regular user, I kinit and try to access the mount: [mbooth@mbooth ~]$ ls -l /mnt ls: /mnt/photos: No such file or directory ls: /mnt/video: No such file or directory total 16 drwxrwsr-x 157 root vol 8192 Nov 30 19:41 photos drwxrws--- 7 root vol 4096 Oct 23 22:22 video I see the following in /var/log/messages: net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed t o find path /nfs/clnt11/krb5 If I run rpc.gssd on the client manually with -f -vvvvvvvrrrrrrrrr, on mount I also see the error message: Warning: rpc.gssd appears not to be running. If I start rpcgssd with service rpcgssd start, I do not see this message. Nevertheless, in both cases it is most certainly running. SELinux is completely disabled. Version-Release number of selected component (if applicable): nfs-utils-1.0.10-4.fc6 kernel-2.6.18-1.2849.fc6
José Plans did some debugging on this. I did the following: echo 65535 > /proc/sys/sunrpc/nfs_debug echo 32767 > /proc/sys/sunrpc/rpc_debug and tried to access the mount again. There was a great deal of output, but José mentioned the following as being particularly significant: Dec 14 10:41:24 mbooth kernel: RPC: creating GSS authenticator for client dd4a6e00 Dec 14 10:41:24 mbooth kernel: net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed to find path /nfs/clnt4/krb5 Dec 14 10:41:24 mbooth kernel: nfs_init_server_rpcclient: couldn't create credcache!
There is a know problem with the RHEL4 svcgssd daemon... please try RHEL5 to RHEL5... something I was able to get working...
Note that although the server is mostly RHEL 4, I upgraded everything nfs and kerberos related to get this working. nfs-utils on the server is nfs-utils-1.0.9-5. On my RHEL 5 laptop it's nfs-utils-1.0.9-10. Also note that this is a working configuration. I access this server regularly. José Plans suggested this might be related to available ciphers in the kernel. Is that a possibility? Unfortunately I don't have spare hardware to test a RHEL5 server.
yes... the only cipher that is supported is DES... so can I close this bug?
Not really, as this would be a regression. I'm still using a standard RHEL 4 kernel.
This should be fixed in nfs-utils-1.0.6-76
Steve, nfs-utils on the RHEL 4 server is nfs-utils-1.0.9-5. nfs-utils on the RHEL 5 client is nfs-utils-1.0.9-10.el5.i386. These are both higher than nfs-utils-1.0.6-76. Is it nfs-utils or the kernel which doesn't support the required ciphers?
oops... Please disreguard Comment #7 since nfs-utils-1.0.6-76 is the rhel4 nfs-utils... which does fix a problem with secure mounts... > nfs-utils on the RHEL 4 server is nfs-utils-1.0.9-5.... no... that more of a early RHEL5 or FC-6 version... Note, using nfs-utils-1.0.6-76 on the RHEL4 and nfs-utils-1.0.9-16.el5 on the RHEL5 side, I was able to get secure mounts working...
I'm going close this since I am able to get secure mounts working in the latest RHEL5 update.