I'm sure this is better asked on an NFS or Linux list, rather than Kerberos.
Check to see if all the required kernel modules are loaded. (rpcsec_gss_krb5 in particular) K.C. On Sun, May 15, 2011 at 1:15 PM, Sascha <[email protected]> wrote: > Hi, > I am using Ubuntu 11.04 with threes KVM and three virtual servers in it. One > forDNS/DHCP (probably not relevant for this topic), one with kerberos and ldap > named authenticate) and one with NFS (named file). And a client, also running > Ubuntu 11.04, named blacklin. > > Ldap and Kerberos are probably working as intended, as I can login to the > client with the credentials specified in LDAP and kerberos. > However, when I am trying to mount the NFS shares on the client I get an error > message: > mount.nfs4: access denied by server while mounting file:/ > > Disabling the kerberos authentication in export the shares can be mounted > successfully. So I am assuming that it is an issue between NFS and Kerberos. > > Saying that, I have made some trouble shooting. > Running rpc.svcgssd -f -vvvv on the NFS server while doing a mount on the > client is showing the following: > > entering poll > leaving poll > handling null request > sname = nfs/[email protected] > DEBUG: serialize_krb5_ctx: lucid version! > prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 > doing downcall > mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from now), > clnt: > [email protected], uid: -1, gid: -1, num aux grps: 0: > : qword_eol: fflush failed: errno 95 (Operation not supported) > WARNING: error writing to downcall channel > /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported > sending null reply > writing message: \x \x6080... DELETED ALL THE HEX FOR BETTER READBILITY ... > 772 > finished handling null request > entering poll > leaving poll > handling null request > sname = nfs/[email protected] > DEBUG: serialize_krb5_ctx: lucid version! > prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 > doing downcall > mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84157 from > now),clnt: > [email protected], uid: -1, gid: -1, num aux grps: 0: > : qword_eol: fflush failed: errno 95 (Operation not supported) > WARNING: error writing to downcall channel > /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported > sending null reply > writing message: \x \x602... DELETED ALL THE HEX FOR BETTER READBILITY ... 012 > finished handling null request > entering poll > leaving poll > handling null request > sname = nfs/[email protected] > DEBUG: serialize_krb5_ctx: lucid version! > prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 > doing downcall > mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from > now),clnt: > [email protected], uid: -1, gid: -1, num aux grps: 0: > : qword_eol: fflush failed: errno 95 (Operation not supported) > WARNING: error writing to downcall channel > /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported > sending null reply > writing message: \x \x6082021b... DELETED ALL THE HEX FOR BETTER READBILITY > ... > 9eab8 > finished handling null request > entering poll > leaving poll > handling null request > sname = nfs/[email protected] > DEBUG: serialize_krb5_ctx: lucid version! > prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8 > doing downcall > mech: krb5, hndl len: 4, ctx len 85, timeout: 1305563074 (84156 from > now),clnt: > [email protected], uid: -1, gid: -1, num aux grps: 0: > : qword_eol: fflush failed: errno 95 (Operation not supported) > WARNING: error writing to downcall channel > /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported > sending null reply > writing message: \x \x6082021... DELETED ALL THE HEX FOR BETTER READBILITY ... > 85987 > finished handling null request > > ========================================= > > Looking at the error message: > qword_eol: fflush failed: errno 95 (Operation not supported) > WARNING: error writing to downcall channel > /proc/net/rpc/auth.rpcsec.context/channel: Operation not supported > > I have googled around and found that a similar error was discussed in this > mailing list, but unfortunately it did not solve my issue. > > Please let me know if you need to know some specific settings or if you want > me > to check any settings. > > Any hint in troubleshooting this issue is highly appreciated. > > Thanks, > Sascha > > > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
