Bug 227602 - gssd requires server to be running portmapper
gssd requires server to be running portmapper
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: nfs-utils (Show other bugs)
4.4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Layton
:
: 225154 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-02-06 19:39 EST by Jeff Layton
Modified: 2007-11-16 20:14 EST (History)
3 users (show)

See Also:
Fixed In Version: RHBA-2007-0750
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 10:59:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch 1 -- Increase size of rpc send/receive buffers (and skip portmap call) (4.07 KB, patch)
2007-04-13 14:08 EDT, Jeff Layton
no flags Details | Diff
patch -- Use service portion of clp->servicename rather than hard-coding "nfs" (1.25 KB, patch)
2007-04-13 14:10 EDT, Jeff Layton
no flags Details | Diff

  None (edit)
Description Jeff Layton 2007-02-06 19:39:55 EST
RHEL4's gssd requires that the server run the portmapper. On a NFSv4 only host
that isn't running it, v4 krb5 mounts fail with an error message similar to:

Feb  6 19:07:40 redhat-22 rpc.gssd[2856]: WARNING: can't create rpc_clnt for
server foo.bar.baz for user with uid 0: RPC: Remote system error - No route to
host  

There were some patches that went upstream from Bruce Fields that should fix
this but they need to be backported:

http://linux-nfs.org/pipermail/nfsv4/2005-December/003120.html
Comment 1 Jeff Layton 2007-02-08 10:47:49 EST
Link to different archive that wont munge the patch.

http://marc.10east.com/?t=113466497100012&r=1&w=2
Comment 2 Jeff Layton 2007-04-13 14:08:33 EDT
Created attachment 152566 [details]
patch 1 -- Increase size of rpc send/receive buffers (and skip portmap call)

Actually, this was Kevin Coffman's patch, I think. Description:

Change the clnt_create() to use routines which allow us to set the
send and receive buffer size.  This is needed for larger spkm3
exchanges including certificate chains.

This has the side-effect of skipping the portmap call since
we specify the port (by specifying the service) when getting
the server's address information.
Comment 3 Jeff Layton 2007-04-13 14:10:53 EDT
Created attachment 152568 [details]
patch -- Use service portion of clp->servicename rather than hard-coding "nfs"

A follow on patch that removes the hardcoded "nfs" in the service name.
Comment 4 Jeff Layton 2007-04-13 14:14:45 EDT
To test:

Set up a krb5 nfs server (I used a RHEL5 xen guest).

On server:
# service nfs restart
# service portmap stop

On client, mount the filesystem using -o sec=krb5. Without the 2 patches above,
the mount will fail, and gssd will throw an error that it can't create the rpc_clnt.

Comment 5 Jeff Layton 2007-05-08 20:36:15 EDT
*** Bug 225154 has been marked as a duplicate of this bug. ***
Comment 7 RHEL Product and Program Management 2007-05-09 03:54:45 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 9 Jeff Layton 2007-07-16 10:45:26 EDT
Committed in nfs-utils-1.0.6-81.EL4
Comment 13 errata-xmlrpc 2007-11-15 10:59:29 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0750.html

Note You need to log in before you can comment on or make changes to this bug.