On 03/03/2015 12:35 PM, Günther J. Niederwimmer wrote:
Hello,

Am Dienstag, 3. März 2015, 11:15:14 schrieb Dmitri Pal:
On 03/03/2015 10:39 AM, Günther J. Niederwimmer wrote:
Hello,

what is wrong on my setup?
This is a "normal" install with ipa-server-install and ipa-client install
on 5 KVM clients.

CentOs 7



WARNING: Failed to create krb5 context for user with uid 225200001 for
server bbs.gjn.prv
Can this be correct ??

I make a kinit with this user ?


Mar  3 16:28:22 smtp1 rpc.gssd[6912]: doing error downcall
Mar  3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt5)
Mar  3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5
uid=225200001 enctypes=18,17,16,23,3,1,2 '
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt5)
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: process_krb5_upcall: service is
'<null>'
I assume this is a log from the nfs client shoing the attempt to access
NFS server.
Seems like something is misconfigured in the nfs configuration or there
is a mismatch between the acceptable encryption types on the server and
on the client.
Yes this is a log from nfs-client but on the server I have the same Errors.
I have all docs I found read .-(.
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: ERROR: GSS-API: error in
gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure.  Minor code
may
provide more information) - No Kerberos credentials available
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with
uid 225200001 for server bbs.gjn.prv
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV'
being
considered, with preferred realm 'GJN.PRV'
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV'
owned by 0, not 225200001
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with
uid 225200001 for server bbs.gjn.prv
Mar  3 16:28:22 smtp1 rpc.gssd[6913]: Error doing scandir on directory
'/run/user/225200001': No such file or directory
Why I have no User (?) and this is not created by a kinit ?

Mar  3 16:28:22 smtp1 rpc.gssd[6913]: WARNING: Failed to create krb5
context for user with uid 225200001 for server bbs.gjn.prv

Mar  3 16:28:22 smtp1 rpc.gssd[6913]: doing error downcall
Mar  3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt5)
Mar  3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5
uid=225200001 enctypes=18,17,16,23,3,1,2 '
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: handling krb5 upcall
(/var/lib/nfs/rpc_pipefs/nfs/clnt5)
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: process_krb5_upcall: service is
'<null>' Mar  3 16:28:22 smtp1 rpc.gssd[6914]: ERROR: GSS-API: error in
gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure.  Minor code
may
provide more information) - No Kerberos credentials available
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with
uid 225200001 for server bbs.gjn.prv
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV'
being
considered, with preferred realm 'GJN.PRV'
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV'
owned by 0, not 225200001
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with
uid 225200001 for server bbs.gjn.prv
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: Error doing scandir on directory
'/run/user/225200001': No such file or directory
Mar  3 16:28:22 smtp1 rpc.gssd[6914]: WARNING: Failed to create krb5
context for user with uid 225200001 for server bbs.gjn.prv
Thank's for answer.


If this is the client. Let us step back and ask the following questions:
a) Are users resolvable using id command and friends?
b) Can you do kinit as an ipa user from the client?
c) Can you log in to that system?

In 7 the credential cache created by SSSD is in kernel keyring but it seems that NFS client is looking for it in /tmp.

What is the sequence of operations? What do you actually do before you observe this error (for example: reboot, log into the system using sssd...)?

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to