Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Thomas Sailer
On Thu, 2010-05-27 at 18:05 -0400, Simo Sorce wrote: > I suspect an SELinux issue in this case, because manually starting it > will run it as unconfined. > Can you check /var/log/audit/audit.log ? It's not in the audit log. The only gss related line in the audit log I could find is me changing th

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Thomas Sailer
Found it. It was selinux related. For some reason allow_gssd_read_tmp was off; running semanage boolean -1 allow_gssd_read_tmp solved it. [As a side note: why is this even tunable? Is there a practical usage mode of rpc.gssd that does not require access to the credential caches?] Thanks again f

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Thomas Sailer
On Thu, 2010-05-27 at 14:30 -0400, Simo Sorce wrote: > Oh right, > then I guess you need to look into syslog to see if you can find any > other hint. > > does the gssd daemon log anything ? It can be made to talk, like this: rpc.gssd -f -vv -rr Messages at startup: Warning: rpcsec_gss l

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Simo Sorce
On Thu, 27 May 2010 23:58:28 +0200 Thomas Sailer wrote: > For some reason I have no clue about, it does not like my credentials > cache (/tmp/krb5cc_1591) when not run from the console. I suspect an SELinux issue in this case, because manually starting it will run it as unconfined. Can you check

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Simo Sorce
On Thu, 27 May 2010 19:13:47 +0200 Thomas Sailer wrote: > On Thu, 2010-05-27 at 12:27 -0400, Simo Sorce wrote: > > > Try adding allow_weak_crypto = true to your krb5.conf or > > alternatively rekey your NFS credentials to add RC4/AES keys > > (rekeying works only if both client and server kernel

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Simo Sorce
On Thu, 27 May 2010 12:27:49 -0400 Simo Sorce wrote: > Tom, apologies, I meant Thomas, not enough sleep I gues :/ Simo. -- Simo Sorce * Red Hat, Inc * New York ___ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/l

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Thomas Sailer
On Thu, 2010-05-27 at 12:27 -0400, Simo Sorce wrote: > Try adding allow_weak_crypto = true to your krb5.conf or alternatively > rekey your NFS credentials to add RC4/AES keys (rekeying works only if > both client and server kernels supporting anything but DES, I think > F13's kernels should have t

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Simo Sorce
On Wed, 26 May 2010 20:09:16 +0200 Thomas Sailer wrote: > Hi, > > After upgrading one IPA client from Fedora12 to Fedora13 (the server > runs Fedora12), I'm experiencing NFS4 problems. > > I can still mount the server from the client like this: > mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Thomas Sailer
On Thu, 2010-05-27 at 09:09 -0400, Rob Crittenden wrote: > I assume the keytab is still valid since the mount succeeds and root > works. Kerberos otherwise works ok on this machine, you can kinit, etc? Hm, the server didn't change, and on the client klist -k /etc/krb5.keytab -e does not suggest

Re: [Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-27 Thread Rob Crittenden
Thomas Sailer wrote: Hi, After upgrading one IPA client from Fedora12 to Fedora13 (the server runs Fedora12), I'm experiencing NFS4 problems. I can still mount the server from the client like this: mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192,rw,sec=krb5p server.xxx.com:/home /tmp/z root c

[Freeipa-users] NFS4 after client upgrade to Fedora 13

2010-05-26 Thread Thomas Sailer
Hi, After upgrading one IPA client from Fedora12 to Fedora13 (the server runs Fedora12), I'm experiencing NFS4 problems. I can still mount the server from the client like this: mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192,rw,sec=krb5p server.xxx.com:/home /tmp/z root can then successfully li