On Thu, 2010-05-27 at 18:05 -0400, Simo Sorce wrote:
> I suspect an SELinux issue in this case, because manually starting it
> will run it as unconfined.
> Can you check /var/log/audit/audit.log ?
It's not in the audit log. The only gss related line in the audit log I
could find is me changing th
Found it.
It was selinux related.
For some reason allow_gssd_read_tmp was off; running
semanage boolean -1 allow_gssd_read_tmp
solved it.
[As a side note: why is this even tunable? Is there a practical usage
mode of rpc.gssd that does not require access to the credential caches?]
Thanks again f
On Thu, 2010-05-27 at 14:30 -0400, Simo Sorce wrote:
> Oh right,
> then I guess you need to look into syslog to see if you can find any
> other hint.
>
> does the gssd daemon log anything ?
It can be made to talk, like this:
rpc.gssd -f -vv -rr
Messages at startup:
Warning: rpcsec_gss l
On Thu, 27 May 2010 23:58:28 +0200
Thomas Sailer wrote:
> For some reason I have no clue about, it does not like my credentials
> cache (/tmp/krb5cc_1591) when not run from the console.
I suspect an SELinux issue in this case, because manually starting it
will run it as unconfined.
Can you check
On Thu, 27 May 2010 19:13:47 +0200
Thomas Sailer wrote:
> On Thu, 2010-05-27 at 12:27 -0400, Simo Sorce wrote:
>
> > Try adding allow_weak_crypto = true to your krb5.conf or
> > alternatively rekey your NFS credentials to add RC4/AES keys
> > (rekeying works only if both client and server kernel
On Thu, 27 May 2010 12:27:49 -0400
Simo Sorce wrote:
> Tom,
apologies, I meant Thomas, not enough sleep I guess :/
Simo.
--
Simo Sorce * Red Hat, Inc * New York
___
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/l
On Thu, 2010-05-27 at 12:27 -0400, Simo Sorce wrote:
> Try adding allow_weak_crypto = true to your krb5.conf or alternatively
> rekey your NFS credentials to add RC4/AES keys (rekeying works only if
> both client and server kernels supporting anything but DES, I think
> F13's kernels should have t
On Wed, 26 May 2010 20:09:16 +0200
Thomas Sailer wrote:
> Hi,
>
> After upgrading one IPA client from Fedora12 to Fedora13 (the server
> runs Fedora12), I'm experiencing NFS4 problems.
>
> I can still mount the server from the client like this:
> mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192
On Thu, 2010-05-27 at 09:09 -0400, Rob Crittenden wrote:
> I assume the keytab is still valid since the mount succeeds and root
> works. Kerberos otherwise works ok on this machine, you can kinit, etc?
Hm, the server didn't change, and on the client
klist -k /etc/krb5.keytab -e does not suggest
Thomas Sailer wrote:
Hi,
After upgrading one IPA client from Fedora12 to Fedora13 (the server
runs Fedora12), I'm experiencing NFS4 problems.
I can still mount the server from the client like this:
mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192,rw,sec=krb5p
server.xxx.com:/home /tmp/z
root c
Hi,
After upgrading one IPA client from Fedora12 to Fedora13 (the server
runs Fedora12), I'm experiencing NFS4 problems.
I can still mount the server from the client like this:
mount -t nfs4 -o soft,intr,rsize=8192,wsize=8192,rw,sec=krb5p
server.xxx.com:/home /tmp/z
root can then successfully li