On 28/08/11 04:28, Bastian Blank wrote:
> On Sun, Aug 28, 2011 at 04:19:48AM +1000, Jiri Kanicky wrote:
>> ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context():
>> GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more
>> information) - No supported encryption types (config file error?)
> The error is different from the first one. Did you configure both the
> server and client with this encryption type?
> Bastian
Hi Bastian.
Let me summarize all the settings and logs for each server and client:
KRB5/LDAP/NFS4 SERVER (maverick)
========================
maverick:/home/ganomi/# cat /etc/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 750,88
[realms]
FIRM.LOCAL = {
database_name = /var/lib/krb5kdc/principal
admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/stash
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = des3-hmac-sha1
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3 aes256-cts:normal aes128-cts:normal des3-cbc-sha16:normal
default_principal_flags = +preauth
}
maverick:/home/ganomi/# klist -ke /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
5 nfs/[email protected] (des3-cbc-sha1)
5 nfs/[email protected] (des-cbc-crc)
6 nfs/[email protected] (aes256-cts-hmac-sha1-96)
maverick:/home/ganomi/# rpc.svcgssd -fvvv
entering poll
leaving poll
handling null request
WARNING: gss_accept_sec_context failed
ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context():
GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more
information) - No supported encryption types (config file error?)
sending null reply
writing message: \x \x608202c706092a86... ...1314468539 851968
2529639149 \x \x
finished handling null request
CLIENT (knightrider)
==============
root@knightrider:/home/ganomi# klist -ke /etc/krb5.keytab
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
7 nfs/[email protected] (aes256-cts-hmac-sha1-96)
root@knightrider:/home/ganomi# rpc.gssd -fvvv
ir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
dir_notify_handler: sig 37 si 0x7fff26022470 data 0x7fff26022340
dir_notify_handler: sig 37 si 0x7fff26022470 data 0x7fff26022340
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt17)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt17)
process_krb5_upcall: service is '<null>'
Full hostname for 'maverick.firm.local' is 'maverick.firm.local'
Full hostname for 'knightrider.firm.local' is 'knightrider.firm.local'
No key table entry found for [email protected] while getting
keytab entry for '[email protected]'
No key table entry found for root/[email protected]
while getting keytab entry for 'root/[email protected]'
Success getting keytab entry for 'nfs/[email protected]'
Successfully obtained machine credentials for principal
'nfs/[email protected]' stored in ccache
'FILE:/tmp/krb5cc_machine_FIRM.LOCAL'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_FIRM.LOCAL' are good
until 1314506238
using FILE:/tmp/krb5cc_machine_FIRM.LOCAL as credentials cache for
machine creds
using environment variable to select krb5 ccache
FILE:/tmp/krb5cc_machine_FIRM.LOCAL
creating context using fsuid 0 (save_uid 0)
creating tcp client for server maverick.firm.local
DEBUG: port already set to 2049
creating context with server [email protected]
WARNING: Failed to create krb5 context for user with uid 0 for server
maverick.firm.local
WARNING: Failed to create machine krb5 context with credentials cache
FILE:/tmp/krb5cc_machine_FIRM.LOCAL for server maverick.firm.local
WARNING: Machine cache is prematurely expired or corrupted trying to
recreate cache for server maverick.firm.local
Full hostname for 'maverick.firm.local' is 'maverick.firm.local'
Full hostname for 'knightrider.firm.local' is 'knightrider.firm.local'
No key table entry found for [email protected] while getting
keytab entry for '[email protected]'
No key table entry found for root/[email protected]
while getting keytab entry for 'root/[email protected]'
Success getting keytab entry for 'nfs/[email protected]'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_FIRM.LOCAL' are good
until 1314506238
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_FIRM.LOCAL' are good
until 1314506238
using FILE:/tmp/krb5cc_machine_FIRM.LOCAL as credentials cache for
machine creds
using environment variable to select krb5 ccache
FILE:/tmp/krb5cc_machine_FIRM.LOCAL
creating context using fsuid 0 (save_uid 0)
creating tcp client for server maverick.firm.local
DEBUG: port already set to 2049
creating context with server [email protected]
WARNING: Failed to create krb5 context for user with uid 0 for server
maverick.firm.local
WARNING: Failed to create machine krb5 context with credentials cache
FILE:/tmp/krb5cc_machine_FIRM.LOCAL for server maverick.firm.local
WARNING: Failed to create machine krb5 context with any credentials
cache for server maverick.firm.local
doing error downcall
dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
dir_notify_handler: sig 37 si 0x7fff26026b30 data 0x7fff26026a00
destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt18
destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt17
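
One way to run the comparison Bastian asks about, as an added example that is not part of the original message: it parses `klist -ke` output and the `enctypes=` list from the rpc.gssd upcall line, then reports which offered enctypes the service principal holds at its newest KVNO. The keytab listing and principal below are constructed placeholders in the shape of the output above, and the function names are hypothetical.

```python
import re

# Kerberos enctype numbers for the names that `klist -e` prints.
ENCTYPE_NUM = {
    "des-cbc-crc": 1, "des-cbc-md4": 2, "des-cbc-md5": 3,
    "des3-cbc-sha1": 16, "aes128-cts-hmac-sha1-96": 17,
    "aes256-cts-hmac-sha1-96": 18, "arcfour-hmac": 23,
}
KEYTAB_ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([^)]+)\)\s*$")
UPCALL = re.compile(r"enctypes=([\d,]+)")

# Constructed sample: placeholder principal, same layout as `klist -ke`.
SAMPLE_KLIST = """\
Keytab name: WRFILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 nfs/server.example.test@EXAMPLE.TEST (des3-cbc-sha1)
   5 nfs/server.example.test@EXAMPLE.TEST (des-cbc-crc)
   6 nfs/server.example.test@EXAMPLE.TEST (aes256-cts-hmac-sha1-96)
"""
# Upcall line in the format rpc.gssd -fvvv logs on the client.
SAMPLE_UPCALL = "handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '"

def current_keys(klist_text):
    """Map principal -> (highest KVNO, enctype numbers stored at that KVNO)."""
    rows = {}
    for line in klist_text.splitlines():
        m = KEYTAB_ROW.match(line)
        if not m:
            continue  # header, separator or blank line
        kvno, princ, name = int(m.group(1)), m.group(2), m.group(3)
        # Unknown names are kept as strings so they still show up in the result.
        rows.setdefault(princ, {}).setdefault(kvno, set()).add(ENCTYPE_NUM.get(name, name))
    return {p: (max(v), v[max(v)]) for p, v in rows.items()}

def upcall_enctypes(gssd_log):
    """Enctype numbers the client kernel offers, in preference order."""
    m = UPCALL.search(gssd_log)
    return [int(n) for n in m.group(1).split(",")] if m else []

def usable(klist_text, gssd_log, principal):
    """Offered enctypes that the principal's newest key version also has."""
    kvno, have = current_keys(klist_text)[principal]
    return kvno, [e for e in upcall_enctypes(gssd_log) if e in have]

if __name__ == "__main__":
    p = "nfs/server.example.test@EXAMPLE.TEST"
    print(p, usable(SAMPLE_KLIST, SAMPLE_UPCALL, p))
```

Keys listed at a lower KVNO are earlier key versions, so only the enctypes at the highest KVNO are counted; an empty list means the client offers nothing the newest server key can use.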