Dmitry A. Zhiglov <dmitry.zhig...@gmail.com> писал(а) в своём письме Fri, 11
Nov 2011 17:10:42 +0400:
11 ноября 2011 г. 15:15 пользователь Kramarenko A. Maksim
<ma...@kramarenko.pro> написал:
Kerberos вроде работает, но NFS отказывается (((
Мне тоже кажется что в gss дело.
Экспортирование вот такое?
/archiv-big gss/krb5(rw,sync,nohide,no_subtree_check,crossmnt)
Может имеет смысл попробовать gss/krb5i ?
И пройтись по tips из документа [1]
--
[1] http://wiki.debian.org/NFS/Kerberos
не помогает :(
krb5i задан, сервер перезапущен.
при монтировании:
ARCHIV ~ # mount -v -t nfs4 -o'sec=krb5i' archiv:/archiv-big /mnt
mount.nfs4: timeout set for Fri Nov 11 17:56:38 2011
mount.nfs4: trying text-based options
'sec=krb5i,addr=10.0.0.6,clientaddr=10.0.0.6'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting archiv:/archiv-big
В логе то же самое:
Nov 11 17:54:38 archiv rpc.gssd[2213]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt28)
Nov 11 17:54:38 archiv rpc.gssd[2213]: handle_gssd_upcall: 'mech=krb5 uid=0 '
Nov 11 17:54:38 archiv rpc.gssd[2213]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt28)
Nov 11 17:54:38 archiv rpc.gssd[2213]: process_krb5_upcall: service is '<null>'
Nov 11 17:54:38 archiv rpc.gssd[2213]: Full hostname for 'archiv.SAG.local' is
'archiv.sag.local'
Nov 11 17:54:38 archiv rpc.gssd[2213]: Full hostname for 'archiv.sag.local' is
'archiv.sag.local'
Nov 11 17:54:38 archiv rpc.gssd[2213]: Key table entry not found while getting
keytab entry for 'root/archiv.sag.local@SAG.LOCAL'
Nov 11 17:54:38 archiv rpc.gssd[2213]: Success getting keytab entry for
'nfs/archiv.sag.local@SAG.LOCAL'
Nov 11 17:54:38 archiv rpc.gssd[2213]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321043604
Nov 11 17:54:38 archiv rpc.gssd[2213]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321043604
Nov 11 17:54:38 archiv rpc.gssd[2213]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL
as credentials cache for machine creds
Nov 11 17:54:38 archiv rpc.gssd[2213]: using environment variable to select
krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 11 17:54:38 archiv rpc.gssd[2213]: creating context using fsuid 0 (save_uid
0)
Nov 11 17:54:38 archiv rpc.gssd[2213]: creating tcp client for server
archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: DEBUG: port already set to 2049
Nov 11 17:54:38 archiv rpc.gssd[2213]: creating context with server
n...@archiv.sag.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_create_default()
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_create()
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_create: name is 0x81df238
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_create: gd->name is 0x81dfe98
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_refresh()
Nov 11 17:54:38 archiv rpc.gssd[2213]: struct rpc_gss_sec:
Nov 11 17:54:38 archiv rpc.gssd[2213]: mechanism_OID: { 1 2 134 72 134 247
18 1 2 2 }
Nov 11 17:54:38 archiv rpc.gssd[2213]: qop: 0
Nov 11 17:54:38 archiv rpc.gssd[2213]: service: 1
Nov 11 17:54:38 archiv rpc.gssd[2213]: cred: 0x81dd540
Nov 11 17:54:38 archiv rpc.gssd[2213]: req_flags: 00000002
Nov 11 17:54:38 archiv rpc.gssd[2213]: rpcsec_gss: gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more information -
(minor) No supported encryption types (config file error?)
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_destroy()
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_destroy_context()
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_destroy: freeing name 0x81dfe98
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_create_default: freeing name
0x81df238
Nov 11 17:54:38 archiv rpc.gssd[2213]: WARNING: Failed to create krb5 context
for user with uid 0 for server archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: WARNING: Failed to create machine krb5
context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server
archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: WARNING: Machine cache is prematurely
expired or corrupted trying to recreate cache for server archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: Full hostname for 'archiv.SAG.local' is
'archiv.sag.local'
Nov 11 17:54:38 archiv rpc.gssd[2213]: Full hostname for 'archiv.sag.local' is
'archiv.sag.local'
Nov 11 17:54:38 archiv rpc.gssd[2213]: Key table entry not found while getting
keytab entry for 'root/archiv.sag.local@SAG.LOCAL'
Nov 11 17:54:38 archiv rpc.gssd[2213]: Success getting keytab entry for
'nfs/archiv.sag.local@SAG.LOCAL'
Nov 11 17:54:38 archiv rpc.gssd[2213]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321043604
Nov 11 17:54:38 archiv rpc.gssd[2213]: INFO: Credentials in CC
'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321043604
Nov 11 17:54:38 archiv rpc.gssd[2213]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL
as credentials cache for machine creds
Nov 11 17:54:38 archiv rpc.gssd[2213]: using environment variable to select
krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 11 17:54:38 archiv rpc.gssd[2213]: creating context using fsuid 0 (save_uid
0)
Nov 11 17:54:38 archiv rpc.gssd[2213]: creating tcp client for server
archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: DEBUG: port already set to 2049
Nov 11 17:54:38 archiv rpc.gssd[2213]: creating context with server
n...@archiv.sag.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_create_default()
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_create()
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_create: name is 0x81e2898
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_create: gd->name is 0x81dfd78
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_refresh()
Nov 11 17:54:38 archiv rpc.gssd[2213]: struct rpc_gss_sec:
Nov 11 17:54:38 archiv rpc.gssd[2213]: mechanism_OID: { 1 2 134 72 134 247
18 1 2 2 }
Nov 11 17:54:38 archiv rpc.gssd[2213]: qop: 0
Nov 11 17:54:38 archiv rpc.gssd[2213]: service: 1
Nov 11 17:54:38 archiv rpc.gssd[2213]: cred: 0x81dffe8
Nov 11 17:54:38 archiv rpc.gssd[2213]: req_flags: 00000002
Nov 11 17:54:38 archiv rpc.gssd[2213]: rpcsec_gss: gss_init_sec_context:
(major) Unspecified GSS failure. Minor code may provide more information -
(minor) No supported encryption types (config file error?)
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_destroy()
Nov 11 17:54:38 archiv rpc.gssd[2213]: in authgss_destroy_context()
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_destroy: freeing name 0x81dfd78
Nov 11 17:54:38 archiv rpc.gssd[2213]: authgss_create_default: freeing name
0x81e2898
Nov 11 17:54:38 archiv rpc.gssd[2213]: WARNING: Failed to create krb5 context
for user with uid 0 for server archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: WARNING: Failed to create machine krb5
context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server
archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: WARNING: Failed to create machine krb5
context with any credentials cache for server archiv.SAG.local
Nov 11 17:54:38 archiv rpc.gssd[2213]: doing error downcall
Nov 11 17:54:38 archiv rpc.gssd[2213]: destroying client
/var/lib/nfs/rpc_pipefs/nfs/clnt29
Nov 11 17:54:38 archiv rpc.gssd[2213]: destroying client
/var/lib/nfs/rpc_pipefs/nfs/clnt28
Как говориться ани море идеас? )
--
С Уважением,
--
To UNSUBSCRIBE, email to debian-russian-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/op.v4sbqfufyb2...@odmen.sag.local
