Bug 227602 - gssd requires server to be running portmapper
Summary: gssd requires server to be running portmapper
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: nfs-utils (Show other bugs)
(Show other bugs)
Version: 4.4
Hardware: All Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Jeff Layton
QA Contact:
URL:
Whiteboard:
Keywords:
: 225154 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-07 00:39 UTC by Jeff Layton
Modified: 2007-11-17 01:14 UTC (History)
3 users (show)

Fixed In Version: RHBA-2007-0750
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 15:59:29 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch 1 -- Increase size of rpc send/receive buffers (and skip portmap call) (4.07 KB, patch)
2007-04-13 18:08 UTC, Jeff Layton
no flags Details | Diff
patch -- Use service portion of clp->servicename rather than hard-coding "nfs" (1.25 KB, patch)
2007-04-13 18:10 UTC, Jeff Layton
no flags Details | Diff


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0750 normal SHIPPED_LIVE nfs-utils bug fix update 2007-11-14 16:57:05 UTC

Description Jeff Layton 2007-02-07 00:39:55 UTC
RHEL4's gssd requires that the server run the portmapper. On a NFSv4 only host
that isn't running it, v4 krb5 mounts fail with an error message similar to:

Feb  6 19:07:40 redhat-22 rpc.gssd[2856]: WARNING: can't create rpc_clnt for
server foo.bar.baz for user with uid 0: RPC: Remote system error - No route to
host  

There were some patches that went upstream from Bruce Fields that should fix
this but they need to be backported:

http://linux-nfs.org/pipermail/nfsv4/2005-December/003120.html

Comment 1 Jeff Layton 2007-02-08 15:47:49 UTC
Link to different archive that wont munge the patch.

http://marc.10east.com/?t=113466497100012&r=1&w=2

Comment 2 Jeff Layton 2007-04-13 18:08:33 UTC
Created attachment 152566 [details]
patch 1 -- Increase size of rpc send/receive buffers (and skip portmap call)

Actually, this was Kevin Coffman's patch, I think. Description:

Change the clnt_create() to use routines which allow us to set the
send and receive buffer size.  This is needed for larger spkm3
exchanges including certificate chains.

This has the side-effect of skipping the portmap call since
we specify the port (by specifying the service) when getting
the server's address information.

Comment 3 Jeff Layton 2007-04-13 18:10:53 UTC
Created attachment 152568 [details]
patch -- Use service portion of clp->servicename rather than hard-coding "nfs"

A follow on patch that removes the hardcoded "nfs" in the service name.

Comment 4 Jeff Layton 2007-04-13 18:14:45 UTC
To test:

Set up a krb5 nfs server (I used a RHEL5 xen guest).

On server:
# service nfs restart
# service portmap stop

On client, mount the filesystem using -o sec=krb5. Without the 2 patches above,
the mount will fail, and gssd will throw an error that it can't create the rpc_clnt.



Comment 5 Jeff Layton 2007-05-09 00:36:15 UTC
*** Bug 225154 has been marked as a duplicate of this bug. ***

Comment 7 RHEL Product and Program Management 2007-05-09 07:54:45 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 9 Jeff Layton 2007-07-16 14:45:26 UTC
Committed in nfs-utils-1.0.6-81.EL4

Comment 13 errata-xmlrpc 2007-11-15 15:59:29 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0750.html



Note You need to log in before you can comment on or make changes to this bug.