RPC: AUTH_GSS upcall timed out -- out of ideas

Andri aoeuid at gmail.com
Fri Oct 13 21:20:22 EDT 2006 

Hey!

Been wrestling with Kerberos and NFS for the last few days, and haven't
been successful yet, so I'm hoping someone with a bit more knowledge
could point out the thing I've missed :)

Trying to connect a Gentoo machine (client) with a Debian Etch (server,
NFS and Kerberos), yet every time I'm greeted with:
RPC: AUTH_GSS upcall timed out.
Please check user daemon is running!
-- in the syslog when trying to mount. NFS without -o sec=krb5 works fine.

I don't have prior experience with Kerberos, so I'm not very sure what
each service does, as I haven't found that much info on the internals of
it all.. yet:
Just in case I ran rpc.gssd on both, rpc.svcgssd runs on the server,
idmap, and other also, which all get executed by the init.d nfs, krb5
scripts.
I created both the host/client at REALM and nfs/client at REALM princs, and
exported them both to a /etc/krb5.keytab on the client, then added the
(host/nfs)/server at REALM and exported them to the server's /etc/krb5.keytab.
Kinit seems to work, also starting gssd on the client prints this to the
krb5 log files on the server, so I take it that at least something works
(if, of course, I'm interpreting it correctly :)):
krb5kdc[24413](info): AS_REQ (1 etypes {1}) 10.0.1.1: ISSUE: authtime
1160771109, etypes {rep=1 tkt=1 ses=1}, nfs/client at REALM for
krbtgt/REALM at REALM

I've tried to follow the few HOWTO-s I've found on the Kerberos and NFS
subject, and even found a posting about that upcall failed error that
someone was connecting with a missing /etc/hosts entry, but those
haven't yet helped me solve the issue, unfortunately.

I can see some packets moving: the lats before the FIN packets from the
client's side are NFS NULL packets -- the server sends a null reply to a
request, but as I'm not familiar with the NFS protocol, don't know if
that's important.

If it's of any help, I'll add the versions of the packages I could see
and find being relevant.
Debian Etch (server):
nfs-kernel-server/etch uptodate 1:1.0.10-1
nfs-common/etch uptodate 1:1.0.10-1
libnfsidmap2/etch uptodate 0.17-3
libgssapi2/etch uptodate 0.10-3
librpcsecgss3/etch uptodate 0.14-2

Gentoo (client) has:
net-fs/nfs-utils v1.0.10
sys-kernel/gentoo-sources v2.6.18 with CONFIG_RPCSEC_GSS_KRB5=y
net-libs/librpcsecgss v0.14-r1
app-crypt/libgssapi v0.10
net-libs/libnfsidmap v0.17

Gssd on the client also throws a warning:
WARNING: gssd_obtain_kernel_krb5_info: Unable to open
'/var/lib/nfs/rpc_pipefs/nfs/krb5_info'. Unable to determine Kerberos
encryption types supported by the kernel; using defaults (1,3,2).
..yet reading it on this list says that's not important.

Hopefully someone can point out the single thing I've missed that would
make everything work as a charm.


Thank you in advance!


Andri

More information about the NFSv4 mailing list