[Freeipa-users] Error with kerberos users
Hello, what is wrong on my setup? This is a normal install with ipa-server-install and ipa-client install on 5 KVM clients. CentOs 7 WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6912]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6913]: process_krb5_upcall: service is 'null' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: Error doing scandir on directory '/run/user/22521': No such file or directory Mar 3 16:28:22 smtp1 rpc.gssd[6913]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6914]: process_krb5_upcall: service is 'null' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: Error doing scandir on directory '/run/user/22521': No such file or directory Mar 3 16:28:22 smtp1 rpc.gssd[6914]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Thank's for answer. -- mit freundlichen Grüßen / best Regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Error with kerberos users
On 03/03/2015 10:39 AM, Günther J. Niederwimmer wrote: Hello, what is wrong on my setup? This is a normal install with ipa-server-install and ipa-client install on 5 KVM clients. CentOs 7 WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6912]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6913]: process_krb5_upcall: service is 'null' I assume this is a log from the nfs client shoing the attempt to access NFS server. Seems like something is misconfigured in the nfs configuration or there is a mismatch between the acceptable encryption types on the server and on the client. Mar 3 16:28:22 smtp1 rpc.gssd[6913]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: Error doing scandir on directory '/run/user/22521': No such file or directory Mar 3 16:28:22 smtp1 rpc.gssd[6913]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6914]: process_krb5_upcall: service is 'null' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: Error doing scandir on directory '/run/user/22521': No such file or directory Mar 3 16:28:22 smtp1 rpc.gssd[6914]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Thank's for answer. -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Error with kerberos users
On 03/03/2015 12:35 PM, Günther J. Niederwimmer wrote: Hello, Am Dienstag, 3. März 2015, 11:15:14 schrieb Dmitri Pal: On 03/03/2015 10:39 AM, Günther J. Niederwimmer wrote: Hello, what is wrong on my setup? This is a normal install with ipa-server-install and ipa-client install on 5 KVM clients. CentOs 7 WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Can this be correct ?? I make a kinit with this user ? Mar 3 16:28:22 smtp1 rpc.gssd[6912]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6913]: process_krb5_upcall: service is 'null' I assume this is a log from the nfs client shoing the attempt to access NFS server. Seems like something is misconfigured in the nfs configuration or there is a mismatch between the acceptable encryption types on the server and on the client. Yes this is a log from nfs-client but on the server I have the same Errors. I have all docs I found read .-(. Mar 3 16:28:22 smtp1 rpc.gssd[6913]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: Error doing scandir on directory '/run/user/22521': No such file or directory Why I have no User (?) and this is not created by a kinit ? Mar 3 16:28:22 smtp1 rpc.gssd[6913]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6914]: process_krb5_upcall: service is 'null' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: Error doing scandir on directory '/run/user/22521': No such file or directory Mar 3 16:28:22 smtp1 rpc.gssd[6914]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Thank's for answer. If this is the client. Let us step back and ask the following questions: a) Are users resolvable using id command and friends? b) Can you do kinit as an ipa user from the client? c) Can you log in to that system? In 7 the credential cache created by SSSD is in kernel keyring but it seems that NFS client is looking for it in /tmp. What is the sequence of operations? What do you actually do before you observe this error (for example: reboot, log into the system using sssd...)? -- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
Re: [Freeipa-users] Error with kerberos users
Hello, Am Dienstag, 3. März 2015, 11:15:14 schrieb Dmitri Pal: On 03/03/2015 10:39 AM, Günther J. Niederwimmer wrote: Hello, what is wrong on my setup? This is a normal install with ipa-server-install and ipa-client install on 5 KVM clients. CentOs 7 WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Can this be correct ?? I make a kinit with this user ? Mar 3 16:28:22 smtp1 rpc.gssd[6912]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6913]: process_krb5_upcall: service is 'null' I assume this is a log from the nfs client shoing the attempt to access NFS server. Seems like something is misconfigured in the nfs configuration or there is a mismatch between the acceptable encryption types on the server and on the client. Yes this is a log from nfs-client but on the server I have the same Errors. I have all docs I found read .-(. Mar 3 16:28:22 smtp1 rpc.gssd[6913]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6913]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6913]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: Error doing scandir on directory '/run/user/22521': No such file or directory Why I have no User (?) and this is not created by a kinit ? Mar 3 16:28:22 smtp1 rpc.gssd[6913]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6913]: doing error downcall Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[32155]: handle_gssd_upcall: 'mech=krb5 uid=22521 enctypes=18,17,16,23,3,1,2 ' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt5) Mar 3 16:28:22 smtp1 rpc.gssd[6914]: process_krb5_upcall: service is 'null' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: ERROR: GSS-API: error in gss_acquire_cred(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No Kerberos credentials available Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' being considered, with preferred realm 'GJN.PRV' Mar 3 16:28:22 smtp1 rpc.gssd[6914]: CC '/tmp/krb5ccmachine_GJN.PRV' owned by 0, not 22521 Mar 3 16:28:22 smtp1 rpc.gssd[6914]: getting credentials for client with uid 22521 for server bbs.gjn.prv Mar 3 16:28:22 smtp1 rpc.gssd[6914]: Error doing scandir on directory '/run/user/22521': No such file or directory Mar 3 16:28:22 smtp1 rpc.gssd[6914]: WARNING: Failed to create krb5 context for user with uid 22521 for server bbs.gjn.prv Thank's for answer. -- mit freundlichen Grüßen / best Regards, Günther J. Niederwimmer -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project