[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Excellent, thanks Matt. I'll get the SRU process rolling on this and see if we can get this into the the distro. Thanks again, Adam ** Changed in: linux (Ubuntu Precise) Assignee: Chris J Arges (christopherarges) = Adam Stokes (adam-stokes) ** Changed in: linux (Ubuntu Precise) Status: Incomplete = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Attachment added: nfs-utils_1.2.6-3ubuntu2.1.quantal.debiff https://bugs.launchpad.net/ubuntu/+source/linux/+bug/794112/+attachment/3312962/+files/nfs-utils_1.2.6-3ubuntu2.1.quantal.debiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Patch added: nfs-utils_1.2.5-3ubuntu3.1.precise.debdiff
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/794112/+attachment/3312996/+files/nfs-utils_1.2.5-3ubuntu3.1.precise.debdiff
** Patch removed: nfs-utils_1.2.5-3ubuntu4.debdiff
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/794112/+attachment/3272258/+files/nfs-utils_1.2.5-3ubuntu4.debdiff
** Changed in: linux (Ubuntu)
Status: Incomplete = In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) = Adam Stokes (adam-stokes)
** Description changed:
+ [Impact]
+ Those who heavily rely on kerberized mounted home directories
+
+
+ [Test Case]
Hi there!
I've configured a Natty client/server pair to authenticate over Kerberos
and LDAP and to mount user home directories via NFSv4 with sec=krb5. I
am using a slight variation on the configuration described here:
http://www.danbishop.org/2011/05/01/ubuntu-11-04-sbs-small-business-
server-setup-part-3-openldap/
Under this setup, user sessions that are left unattended for a long
period of time -- eg, when someone goes home for the night but stays
logged in -- always result in a wedged machine. What do I mean by
wedged? When the user returns to their session (the next morning), the
screen is sorta grayed out. Keystrokes and mouse movement fail to elicit
a reaction from the OS. I can switch to an ANSI terminal (Ctrl+Alt+F1),
but cannot log in as the offending user there; the prompt will accept a
username and password but never return. I CAN login using my localadmin,
presumably because it uses UNIX authentication rather than
LDAP/Kerberos. I have heretofore been unable to recover the machine as
the localadmin, though. If localadmin attempts to sudo reboot the
machine, the reboot process starts but never finishes.
+
+ [Regression Potentional]
+ Seems minimal as we are adding an additional condition check for expired
tickets.
+
+
+ [More info]
Some odd things in the server syslog:
Jun 6 07:40:15 server krb5kdc[822]: AS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.0.59: NEEDED_PREAUTH: nfs/carina.co57@co57.lan for
krbtgt/co57@co57.lan, Additional pre-authentication required
Jun 6 07:40:15 server krb5kdc[822]: AS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.0.59: ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=18},
nfs/carina.co57@co57.lan for krbtgt/co57@co57.lan
Jun 6 07:40:15 server krb5kdc[822]: TGS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.0.59: ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=18},
nfs/carina.co57@co57.lan for nfs/server.co57@co57.lan
Jun 6 07:40:15 server krb5kdc[822]: TGS_REQ (3 etypes {1 3 2}) 192.168.0.59:
ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=1},
nfs/carina.co57@co57.lan for nfs/server.co57@co57.lan
Jun 6 07:40:15 server nslcd[950]: [92ef4c]
nslcd_passwd_byname(nfs/carina.co57.lan): invalid user name
Jun 6 07:46:49 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 07:46:49 server slapd[836]: = bdb_equality_candidates: (cn) not
indexed
Jun 6 07:48:51 server slapd[836]: = bdb_equality_candidates: (uidNumber)
not indexed
Jun 6 07:49:20 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 07:57:07 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 07:57:07 server slapd[836]: = bdb_equality_candidates: (cn) not
indexed
Jun 6 07:59:35 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 08:00:00 server slapd[836]: = bdb_equality_candidates: (cn) not
indexed
Jun 6 08:00:01 server slapd[836]: last message repeated 3 times
And from all over the client syslog:
Jun 6 10:53:28 carina kernel: [47636.670075] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:33 carina kernel: [47641.666533] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:38 carina kernel: [47646.662437] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:43 carina kernel: [47651.658844] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:48 carina kernel: [47656.655152] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:53 carina kernel: [47661.651498] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:58 carina kernel: [47666.647829] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:03 carina kernel: [47671.644084] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:08 carina kernel: [47676.640219] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Matthew, Just to verify you are running a precise kernel and not the one patched from #15? Thanks Adam -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Hi Adam, Yes - we are running the unpatched precise kernel. I don't remember the version when I first started testing with my nfs-utils patch, but we're currently running linux-image-3.2.0-30-generic version 3.2.0-30.48. A few systems that haven't rebooted recently are still on linux- headers-3.2.0-29-generic version 3.2.0-29.46. I've been running my nfs-utils patch on about 70 machines with kerberized nfs home directories since August 22nd and all blocking issues we were seeing on credential expiration are gone. Thanks and let me know if you need any other info. -Matt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
The patch from the debian bug has been working well on all of our systems and completely fixes the issues we had been seeing related to the new EKEYEXPIRED behavior. I applied the upstream patch to nfs-utils 1.2.5, and also made a small tweak to the gssd man page to document it. I'm not sure whether a debdiff or the raw patch is more useful, so I'll attach both. ** Patch added: nfs-utils_1.2.5-3ubuntu4.debdiff https://bugs.launchpad.net/ubuntu/+source/linux/+bug/794112/+attachment/3272258/+files/nfs-utils_1.2.5-3ubuntu4.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Patch added: 19-ticket-expired-error.patch https://bugs.launchpad.net/ubuntu/+source/linux/+bug/794112/+attachment/3272259/+files/19-ticket-expired-error.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
The attachment nfs-utils_1.2.5-3ubuntu4.debdiff of this bug report has been identified as being a patch in the form of a debdiff. The ubuntu- sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu- sponsors team please also unsubscribe the team from this bug report. [This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Given the discussion on the linux-nfs list, I actually doubt this change will be reverted. I can see that this could potentially be desired behavior, but in some circumstances, it's catastrophic. For example, in our environment we have kerberized nfs home directories. If a user runs something in screen and logs out, they can't ever log back in to renew credentials if they expire. Also, if they're logged into a graphical workstation and credentials expire while the screensaver is running, it can't ever pop up the dialog prompting for password - ouch! I'm testing the patch provided by John Hughes on the Debian bug and it seems to work really well. The only catch is that you have to edit the gssd.conf upstart script directly, since it doesn't read RPCGSSD_OPTS from the nfs-utils defaults file any more. (bug #564043) I'm rolling this out to a few of our more public machines this weekend and if all goes well, I'll put together a debdiff. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Changed in: linux (Ubuntu Precise) Assignee: (unassigned) = Chris J Arges (christopherarges) ** No longer affects: linux -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
I can't agree. Long run jobs and desktop session are two different cases. When user leaves at the of the day his desk and leave its session open, it seems normal that the filesystem, without revalidation becomes unavailable, like it always use to be. Once unavailable, it can't be used be an attacker who gains root access and, through sudo gains user fs access. When the user get back to his desk, he revalidates his ticket and things goes on. Having an automatic ticket renewal discards any advantages of using nfsv4+kerberos (why don't simply use nfsv3 and his, no ticket to renew, no FS availability issue …). Long runs jobs is another case in which user must access the FS over long period and should'nt be handled in the same way. It can be done as you describe or through nfsv3 on a dedicated node where security is much more drastic. As i already said, a mainstream patch has been proposed to handle this : http://www.spinics.net/lists/linux-nfs/msg31257.html . Bests Le 2 juil. 2012 à 19:13, Dominic Gross a écrit : Automatically renewing the ticket is not a security breach. Since it can be done without storing passwords I don't see why it should be unsafe. IMHO it currently is the only reasonably safe way to keep NFS home directories accessible for long running jobs (e.g. if you have to run a simulation overnight) and unattended GUI applications. If the user is not around the screen should be locked anyway. It is certainly much safer than just extending the expiration date of the ticket. -- Christophe Ségui Responsable informatique Institut de Mathématiques de Toulouse Université de Toulouse - CNRS 118 Route de Narbonne 31062 Toulouse Cedex 09 Tel : (+33) 5 61 55 63 78 christophe.se...@math.univ-toulouse.fr http://www.math.univ-toulouse.fr -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Automatically renewing the ticket is not a security breach. Since it can be done without storing passwords I don't see why it should be unsafe. IMHO it currently is the only reasonably safe way to keep NFS home directories accessible for long running jobs (e.g. if you have to run a simulation overnight) and unattended GUI applications. If the user is not around the screen should be locked anyway. It is certainly much safer than just extending the expiration date of the ticket. On a standard MIT Kerberos installation the user can renew the ticket without entering the password for up to 7 days if the ticket and your account are still valid. Obviously the longer the ticket is out there, the higher the risk that somebody might steal it, so this has to be configured accordingly. But I really don't see a big security issue there. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
The Kernel posted by Chris allows, (with console login), the user to unlock the screensaver Well, this seems to fix the original bug reported here. Which is that nobody can log in using LDAP / Kerberos once a ticket of one signed in user expired. but applications, such like web browser, remains stuck and the session has to be restarted in order to work properly. This looks like the intended behavior to me. The user's Kerberos Ticket expires some time after log in. At that point the applications can no longer access the user's NFS home directory and the applications get stuck or crash. Once a user enters his / her password again a new ticket is granted and the user can log into the session /access the home directory again. However, in my experience few applications fully recover from not being able to access the home directory for a longer time. So, it seems to me, that in order to fix this remaining issue one needs to set up something to automatically renew Kerberos Tickets. This can be implemented either via a cronjob or packages like kstart or sssd. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
We use sssd and had the same problem until I set krb5_renew_interval in the sssd.conf. After that we have had no problems. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
The Kernel posted by Chris allows, (with console login), the user to unlock the screensaver but applications, such like web browser, remains stuck and the session has to be restarted in order to work properly. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
This same problem applies to kerberized NFSv3 as well as NFSv4. In both cases, the kernel will keep retrying if rpc.gssd only finds expired credentials. I've been investigating this problem because after a Lucid to Precise upgrade, users with kerberized NFS homedirs are unable to unlock their screens. Back in Jan 2010, rpc.gssd got support for returning EKEYEXPIRED: http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=289ad31e And around the same time, the kernel was changed to retry on EKEYEXPIRED: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=2c643488 (NFSv4) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=b68d69b8 (NFSv3) So it looks like this is intended behavior, but it leaves users with kerberized NFS home directories in a really bad situation. There have been some proposed patches both here and in the linked Debian bug against nfs-utils, but so far it doesn't look like any have been accepted upstream. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
I installed the kernel build posted by Chris in #15, logged in as an LDAP user with KRB5 auth and a kerberised nfs4 home directory, then left the machine unattended for 24 hours. Under these conditions the X session would be locked up when I returned to the machine and the nfs mount inaccessable (if switching to a virtual console and logging in as a local user). This kernel seems to have mostly fixed things. This time I left the machine running with two terminals open, one showing the output of klist, so I could see when the ticket expired, the other running 'watch date'. I found the x session frozen a few seconds after the ticket expired. However, switching to a virtual console, I could log in as a local user and still access the nfs mount fine. There appeared to be now errors in the syslog (either now or around the time the ticket expired). Then still at the virtual console, I ssh'ed into this same box but as the ldap user, and logged in fine. When I then switched back to the X session it had unfrozen, although both terminal windows were gone and replaced with an error message telling me it had crashed. I'm not sure what caused the hung X session (or if it's still related to this bug), but the NFS mount seems to be handling ticket expiration better now. I should also mention that this machine does have machine credentials in Kerberos as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Could someone test the kernel image Chris posted? ** Package changed: nfs-utils (Ubuntu Precise) = linux (Ubuntu Precise) ** Changed in: linux (Ubuntu Precise) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
This could be related to this thread (thanks to Sachin): http://thread.gmane.org/gmane.linux.nfs/47940/focus=47947 I have built a kernel with a cherry picked patch from e49a29bd0eacce9d4956c4daf777a330115b369d, which is the upstream commit of this patch. Please see if my Precise kernel build fixes the issue, you can download the files at: http://people.canonical.com/~arges/lp794112/ Thanks, ** Also affects: linux Importance: Undecided Status: New ** Changed in: linux Assignee: (unassigned) = Chris J Arges (christopherarges) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Tags added: rls-mgr-p-tracking -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Changed in: nfs-utils (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
related to this discussion: http://www.spinics.net/lists/linux-nfs/msg25492.html ** Package changed: ubuntu = nfs-utils (Ubuntu) ** Changed in: nfs-utils (Ubuntu) Importance: Undecided = High ** Also affects: nfs-utils (Ubuntu Precise) Importance: High Status: Confirmed ** Bug watch added: Debian Bug tracker #648155 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648155 ** Also affects: nfs-utils (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648155 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Changed in: ubuntu Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Some of my blocked processes are starting to generate stack traces from the kernel: Jul 1 08:11:43 carina kernel: [36142.699465] INFO: task chrome:2165 blocked for more than 120 seconds. Jul 1 08:11:43 carina kernel: [36142.699469] echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message. Jul 1 08:11:43 carina kernel: [36142.699472] chrome D 0004 0 2165 1 0x Jul 1 08:11:43 carina kernel: [36142.699477] 8804005f5e48 0086 8804005f5fd8 8804005f4000 Jul 1 08:11:43 carina kernel: [36142.699482] 00013d00 88040dfa4858 8804005f5fd8 00013d00 Jul 1 08:11:43 carina kernel: [36142.699486] 88041f982dc0 88040dfa44a0 000c0001 88040dfa44a0 Jul 1 08:11:43 carina kernel: [36142.699491] Call Trace: Jul 1 08:11:43 carina kernel: [36142.699501] [815c2a1d] rwsem_down_failed_common+0xcd/0x170 Jul 1 08:11:43 carina kernel: [36142.699505] [815c2ad3] rwsem_down_write_failed+0x13/0x20 Jul 1 08:11:43 carina kernel: [36142.699511] [812e6ac3] call_rwsem_down_write_failed+0x13/0x20 Jul 1 08:11:43 carina kernel: [36142.699515] [815c1dd2] ? down_write+0x32/0x40 Jul 1 08:11:43 carina kernel: [36142.699521] [8126ebf0] sys_shmdt+0x60/0x180 Jul 1 08:11:43 carina kernel: [36142.699526] [8100c002] system_call_fastpath+0x16/0x1b Jul 1 08:11:43 carina kernel: [36142.699530] INFO: task chrome:2182 blocked for more than 120 seconds. Jul 1 08:11:43 carina kernel: [36142.699532] echo 0 /proc/sys/kernel/hung_task_timeout_secs disables this message. Jul 1 08:11:43 carina kernel: [36142.699534] chrome D 0 2182 1 0x Jul 1 08:11:43 carina kernel: [36142.699538] 8804029f5a98 0086 8804029f5fd8 8804029f4000 Jul 1 08:11:43 carina kernel: [36142.699542] 00013d00 88041030df38 8804029f5fd8 00013d00 Jul 1 08:11:43 carina kernel: [36142.699547] 81a0b020 88041030db80 8800bf7542a8 8800bf413d00 Jul 1 08:11:43 carina kernel: [36142.699551] Call Trace: Jul 1 08:11:43 carina kernel: [36142.699567] [a0b666b0] ? nfs_wait_bit_uninterruptible+0x0/0x20 [nfs] Jul 1 08:11:43 carina kernel: [36142.699571] [815c0980] io_schedule+0x70/0xc0 Jul 1 08:11:43 carina kernel: [36142.699582] [a0b666be] nfs_wait_bit_uninterruptible+0xe/0x20 [nfs] Jul 1 08:11:43 carina kernel: [36142.699586] [815c12ff] __wait_on_bit+0x5f/0x90 Jul 1 08:11:43 carina kernel: [36142.699597] [a0b666b0] ? nfs_wait_bit_uninterruptible+0x0/0x20 [nfs] Jul 1 08:11:43 carina kernel: [36142.699601] [815c13ac] out_of_line_wait_on_bit+0x7c/0x90 Jul 1 08:11:43 carina kernel: [36142.699606] [81087f70] ? wake_bit_function+0x0/0x50 Jul 1 08:11:43 carina kernel: [36142.699616] [a0b66a66] nfs_wait_on_request+0x36/0x40 [nfs] Jul 1 08:11:43 carina kernel: [36142.699628] [a0b6c933] nfs_try_to_update_request+0x83/0x160 [nfs] Jul 1 08:11:43 carina kernel: [36142.699640] [a0b6ca4d] nfs_writepage_setup+0x3d/0x1e0 [nfs] Jul 1 08:11:43 carina kernel: [36142.699652] [a0b6cc73] nfs_updatepage+0x83/0x180 [nfs] Jul 1 08:11:43 carina kernel: [36142.699663] [a0b66949] ? nfs_release_request+0x19/0x20 [nfs] Jul 1 08:11:43 carina kernel: [36142.699671] [a0b5b376] nfs_vm_page_mkwrite+0x106/0x160 [nfs] Jul 1 08:11:43 carina kernel: [36142.699676] [8112e8c4] do_wp_page+0x584/0x770 Jul 1 08:11:43 carina kernel: [36142.699679] [8117d5af] ? touch_atime+0x5f/0x180 Jul 1 08:11:43 carina kernel: [36142.699683] [81130aab] handle_pte_fault+0x1db/0x210 Jul 1 08:11:43 carina kernel: [36142.699687] [81131d4d] handle_mm_fault+0x16d/0x250 Jul 1 08:11:43 carina kernel: [36142.699691] [815c6a47] do_page_fault+0x1a7/0x540 Jul 1 08:11:43 carina kernel: [36142.699696] [81164fd0] ? vfs_read+0x120/0x180 Jul 1 08:11:43 carina kernel: [36142.699699] [815c34d5] page_fault+0x25/0x30 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Again today, the client wedged at the same time as the DHCP refresh. The client's IP did not change. Any thoughts on what could be going on here? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
This bug seems to strike me as well, but without LDAP being involved. After migrating from 10.04 to 11.04 the same setup (kerberos, NFS4) leads to frozen machines in the morning. In my case the bug arose pretty exactly 10m before a DHCP request. Don't know if there are linked: Jul 1 04:17:01 pcandreas2 CRON[8863]: (root) CMD ( cd / run-parts --report /etc/cron.hourly) Jul 1 04:18:42 pcandreas2 kernel: [76984.004995] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server someserver. Jul 1 04:18:47 pcandreas2 kernel: [76989.015060] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server someserver. [...] Jul 1 04:28:33 pcandreas2 kernel: [77575.185114] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server someserver. Jul 1 04:28:37 pcandreas2 dhclient: DHCPREQUEST of 10.0.1.42 on eth0 to 10.0.0.2 port 67 Jul 1 04:28:37 pcandreas2 dhclient: DHCPACK of 10.0.1.42 from 10.0.0.2 Jul 1 04:28:37 pcandreas2 dhclient: bound to 10.0.1.42 -- renewal in 37405 seconds. Jul 1 04:28:38 pcandreas2 kernel: [77580.194966] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server someserver. [...] -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
The client OS appears to be wedging at precisely the time of a DHCP refresh. I came in this morning at 10:00am and found my desktop wedged with the clock stuck at 6:01am. From the syslog: Jun 29 06:01:04 carina kernel: [70343.412331] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2. Jun 29 06:01:09 carina kernel: [70348.408657] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2. Jun 29 06:01:14 carina dhclient: DHCPREQUEST of 192.168.0.59 on eth0 to 192.168.0.2 port 67 Jun 29 06:01:14 carina dhclient: DHCPACK of 192.168.0.59 from 192.168.0.2 Jun 29 06:01:14 carina dhclient: bound to 192.168.0.59 -- renewal in 15298 seconds. Jun 29 06:01:14 carina kernel: [70353.404947] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2. Jun 29 06:01:19 carina kernel: [70358.401192] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2. Jun 29 06:01:24 carina kernel: [70363.397718] Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Observation: rpciod, nfsiod, and nfsv4.0-svc do not respond to kill -9 under these conditions. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
On Sat, Jun 25, 2011 at 09:15:42PM -, Brian the Lion wrote: @Steve: I have not. What would the procedure for that look like? Purge the existing nfs-utils deb, and then build and install nfs-utils from source? Yes, that would work. Is there anything I can do to further pinpoint the problem before I try that? Not that I know of. On Sat, Jun 25, 2011 at 11:54:37PM -, Brian the Lion wrote: Another theory: nslcd is trying to refresh the client's kerberos ticket via LDAP. It is failing because, unlike the user principles, the nfs principles do not have LDAP entries. Should they? Or is there a way to tell the nfs clients to not use LDAP? I have no idea how this would work... I would say that if nslcd can get *any* kerberos tickets via LDAP, that's a misconfiguration of the directory, since that would bypass the Kerberos security model. NFS clients are certainly not using LDAP to get kerberos tickets, anyway. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
@Steve: I have not. What would the procedure for that look like? Purge the existing nfs-utils deb, and then build and install nfs-utils from source? Is there anything I can do to further pinpoint the problem before I try that? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Another theory: nslcd is trying to refresh the client's kerberos ticket via LDAP. It is failing because, unlike the user principles, the nfs principles do not have LDAP entries. Should they? Or is there a way to tell the nfs clients to not use LDAP? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
I'm super keen to try debugging this myself -- you can even assign me the bug -- if somebody will give me a little direction. Cheers! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
If #kerberos thinks it's a kernel/nfs-utils version mismatch, have you tried testing with the version combination they recommend? Your bug report includes no information about what versions of anything you're running. Please run 'apport-collect 794112'. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Description changed:
Hi there!
I've configured a Natty client/server pair to authenticate over Kerberos
and LDAP and to mount user home directories via NFSv4 with sec=krb5. I
am using a slight variation on the configuration described here:
http://www.danbishop.org/2011/05/01/ubuntu-11-04-sbs-small-business-
server-setup-part-3-openldap/
Under this setup, user sessions that are left unattended for a long
period of time -- eg, when someone goes home for the night but stays
logged in -- always result in a wedged machine. What do I mean by
wedged? When the user returns to their session (the next morning), the
screen is sorta grayed out. Keystrokes and mouse movement fail to elicit
a reaction from the OS. I can switch to an ANSI terminal (Ctrl+Alt+F1),
but cannot log in as the offending user there; the prompt will accept a
- username and password by never return. I CAN login using my localadmin,
+ username and password but never return. I CAN login using my localadmin,
presumably because it uses UNIX authentication rather than
LDAP/Kerberos. I have heretofore been unable to recover the machine as
the localadmin, though. If localadmin attempts to sudo reboot the
machine, the reboot process starts but never finishes.
Some odd things in the server syslog:
Jun 6 07:40:15 server krb5kdc[822]: AS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.0.59: NEEDED_PREAUTH: nfs/carina.co57@co57.lan for
krbtgt/co57@co57.lan, Additional pre-authentication required
Jun 6 07:40:15 server krb5kdc[822]: AS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.0.59: ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=18},
nfs/carina.co57@co57.lan for krbtgt/co57@co57.lan
Jun 6 07:40:15 server krb5kdc[822]: TGS_REQ (7 etypes {18 17 16 23 1 3 2})
192.168.0.59: ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=18},
nfs/carina.co57@co57.lan for nfs/server.co57@co57.lan
Jun 6 07:40:15 server krb5kdc[822]: TGS_REQ (3 etypes {1 3 2}) 192.168.0.59:
ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=1},
nfs/carina.co57@co57.lan for nfs/server.co57@co57.lan
Jun 6 07:40:15 server nslcd[950]: [92ef4c]
nslcd_passwd_byname(nfs/carina.co57.lan): invalid user name
Jun 6 07:46:49 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 07:46:49 server slapd[836]: = bdb_equality_candidates: (cn) not
indexed
Jun 6 07:48:51 server slapd[836]: = bdb_equality_candidates: (uidNumber)
not indexed
Jun 6 07:49:20 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 07:57:07 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 07:57:07 server slapd[836]: = bdb_equality_candidates: (cn) not
indexed
Jun 6 07:59:35 server slapd[836]: = bdb_equality_candidates: (uid) not
indexed
Jun 6 08:00:00 server slapd[836]: = bdb_equality_candidates: (cn) not
indexed
Jun 6 08:00:01 server slapd[836]: last message repeated 3 times
And from all over the client syslog:
Jun 6 10:53:28 carina kernel: [47636.670075] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:33 carina kernel: [47641.666533] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:38 carina kernel: [47646.662437] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:43 carina kernel: [47651.658844] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:48 carina kernel: [47656.655152] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:53 carina kernel: [47661.651498] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:53:58 carina kernel: [47666.647829] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:03 carina kernel: [47671.644084] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:08 carina kernel: [47676.640219] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:13 carina kernel: [47681.636699] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:18 carina kernel: [47686.632981] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:23 carina kernel: [47691.629134] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:28 carina kernel: [47696.625429] Error: state manager
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
Jun 6 10:54:33 carina kernel: [47701.621717] Error: state manager
encountered RPCSEC_GSS
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Also affects: kerberos Importance: Undecided Status: New ** Also affects: nfs-utils Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/kerberos/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Folks on #kerberos are saying that this bug is due to a version mismatch between the kernel and nfs-utils. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
Bump? This problem is making my life miserable. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/794112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
** Package changed: ubuntu = libauthen-simple-kerberos-perl (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 794112] Re: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
I don't see why this should be related to libauthen-simple-kerberos- perl. ** Package changed: libauthen-simple-kerberos-perl (Ubuntu) = ubuntu -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/794112 Title: Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
