On Thu, 2010-05-27 at 14:30 -0400, Simo Sorce wrote:

> Oh right,
> then I guess you need to look into syslog to see if you can find any
> other hint.
> 
> Does the gssd daemon log anything?

It can be made to talk, like this:
rpc.gssd -f -vvvvvv -rrrrrr

Messages at startup:
Warning: rpcsec_gss library does not support setting debug level
beginning poll

At mount time:
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
handle_gssd_upcall: 'mech=krb5 uid=0 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
process_krb5_upcall: service is '<null>'
Full hostname for 'server.xxx.com' is 'server.xxx.com'
Full hostname for 'client.xxx.com' is 'client.xxx.com'
Key table entry not found while getting keytab entry for 'root/client.xxx....@xxx.com'
Success getting keytab entry for 'nfs/client.xxx....@xxx.com'
Successfully obtained machine credentials for principal 'nfs/client.xxx....@xxx.com' stored in ccache 'FILE:/tmp/krb5cc_machine_XXX.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_XXX.COM' are good until 1275168019
using FILE:/tmp/krb5cc_machine_XXX.COM as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_XXX.COM
creating context using fsuid 0 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server n...@server.xxx.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591'(u...@xxx.com) passed all checks and has mtime of 1274978851
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
using FILE:/tmp/krb5cc_1591 as credentials cache for client with uid 1591 for server server.xxx.com
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_1591
creating context using fsuid 1591 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server n...@server.xxx.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall


Now interestingly, the access works if rpc.gssd is started from the
console!

When I start it using "service rpc.gssd restart", it fails again, now
with this in the log:
beginning poll
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=0 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
Full hostname for 'server.xxx.com' is 'server.xxx.com'
Full hostname for 'client.xxx.com' is 'client.xxx.com'
Key table entry not found while getting keytab entry for 'root/client.xxx....@xxx.com'
Success getting keytab entry for 'nfs/client.xxx....@xxx.com'
Successfully obtained machine credentials for principal 'nfs/client.xxx....@xxx.com' stored in ccache 'FILE:/tmp/krb5cc_machine_XXX.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_XXX.COM' are good until 1275169699
using FILE:/tmp/krb5cc_machine_XXX.COM as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_XXX.COM
creating context using fsuid 0 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server n...@server.xxx.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall

For some reason I have no clue about, it does not like my credentials
cache (/tmp/krb5cc_1591) when not run from the console.

Thanks,
Tom



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
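
A small triage helper for the two runs quoted in the message above, added here as an example (it is not part of the original message and not nfs-utils code): it groups rpc.gssd debug output by upcall and reports what gssd decided about each credentials cache. The sample logs are constructed from lines in the message; reading "doing downcall" as success and "doing error downcall" as failure is an assumption taken from those logs, and the function names are hypothetical.

```python
import re

# Constructed samples: one uid=1591 upcall from each run quoted in the message.
SAMPLE_CONSOLE = """\
handle_gssd_upcall: 'mech=krb5 uid=1591 '
CC file '/tmp/krb5cc_1591'(u...@xxx.com) passed all checks and has mtime of 1274978851
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
doing downcall
"""
SAMPLE_SERVICE = """\
handle_gssd_upcall: 'mech=krb5 uid=1591 '
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
doing error downcall
"""

UPCALL = re.compile(r"handle_gssd_upcall: 'mech=\S+ uid=(\d+)")
VERDICTS = [
    (re.compile(r"CC file '([^']+)'.* passed all checks"), "accepted"),
    (re.compile(r"CC file '([^']+)' is expired or corrupt"), "expired or corrupt"),
    (re.compile(r"CC file '([^']+)' owned by \d+, not \d+"), "wrong owner"),
]

def summarize(log):
    """Return one dict per upcall: uid, verdict per ccache path, result."""
    upcalls = []
    for line in log.splitlines():
        m = UPCALL.search(line)
        if m:
            upcalls.append({"uid": int(m.group(1)), "ccaches": {}, "result": None})
        if not upcalls:
            continue  # startup output before the first upcall
        cur = upcalls[-1]
        for rx, verdict in VERDICTS:
            m = rx.search(line)
            if m:
                cur["ccaches"][m.group(1)] = verdict
        if line.startswith("doing "):  # assumption: "error downcall" means failure
            cur["result"] = "error" if "error downcall" in line else "ok"
    return upcalls

def rejected_caches(upcalls):
    """(uid, path) pairs gssd refused as expired or corrupt (not ownership skips)."""
    return sorted({(u["uid"], p) for u in upcalls
                   for p, v in u["ccaches"].items() if v == "expired or corrupt"})

if __name__ == "__main__":
    for name, log in (("console", SAMPLE_CONSOLE), ("service", SAMPLE_SERVICE)):
        print(name, summarize(log), rejected_caches(summarize(log)))
```
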