Hi, I am using Ubuntu 11.04 with threes KVM and three virtual servers in it. One forDNS/DHCP (probably not relevant for this topic), one with kerberos and ldap named authenticate) and one with NFS (named file). And a client, also running Ubuntu 11.04, named blacklin.
Ldap and Kerberos are probably working as intended, as I can login to the client with the credentials specified in LDAP and kerberos. However, when I am trying to mount the NFS shares on the client I get an error message: mount.nfs4: access denied by server while mounting file:/ Disabling the kerberos authentication in export the shares can be mounted successfully. So I am assuming that it is an issue between NFS and Kerberos. Saying that, I have made some trouble shooting. Running rpc.svcgssd -f -vvvv on the NFS server while doing a mount on the client is showing the following: entering poll leaving poll handling null request sname = nfs/[email protected] DEBUG: serialize_krb5_ctx: lucid version! prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 doing downcall mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now), clnt: [email protected], uid: -1, gid: -1, num aux grps: 0: : qword_eol: fflush failed: errno 95 (Operation not supported) WARNING: error writing to downcall channel /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported sending null reply writing message: \x \x6080... DELETED ALL THE HEX FOR BETTER READBILITY ... 772 finished handling null request entering poll leaving poll handling null request sname = nfs/[email protected] DEBUG: serialize_krb5_ctx: lucid version! prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 doing downcall mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now),clnt: [email protected], uid: -1, gid: -1, num aux grps: 0: : qword_eol: fflush failed: errno 95 (Operation not supported) WARNING: error writing to downcall channel /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported sending null reply writing message: \x \x602... DELETED ALL THE HEX FOR BETTER READBILITY ... 012 finished handling null request entering poll leaving poll handling null request sname = nfs/[email protected] DEBUG: serialize_krb5_ctx: lucid version! prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 doing downcall mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt: [email protected], uid: -1, gid: -1, num aux grps: 0: : qword_eol: fflush failed: errno 95 (Operation not supported) WARNING: error writing to downcall channel /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported sending null reply writing message: \x \x6082021b... DELETED ALL THE HEX FOR BETTER READBILITY ... 9eab8 finished handling null request entering poll leaving poll handling null request sname = nfs/[email protected] DEBUG: serialize_krb5_ctx: lucid version! prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 doing downcall mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from now),clnt: [email protected], uid: -1, gid: -1, num aux grps: 0: : qword_eol: fflush failed: errno 95 (Operation not supported) WARNING: error writing to downcall channel /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported sending null reply writing message: \x \x6082021... DELETED ALL THE HEX FOR BETTER READBILITY ... 85987 finished handling null request ========================================= Looking at the error message: qword_eol: fflush failed: errno 95 (Operation not supported) WARNING: error writing to downcall channel /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported I have googled around and found that a similar error was discussed in this mailing list, but unfortunately it did not solve my issue. Please let me know if you need to know some specific settings or if you want me to check any settings. Any hint in troubleshooting this issue is highly appreciated. Thanks, Sascha ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
