A little encouragement with Kerberos for NFS

Michael D. Norwick mnorwick at centurytel.net
Sat Oct 14 03:38:27 EDT 2006


Jeff Layton wrote:
>> Neither helped; still getting--
>>   Jul 10 13:39:44 ns3 rpc.svcgssd[2781]: WARNING: get_ids: unable to map name 'nfs/ns2.an3e.org@AN3E.ORG' to a uid
>>
>>     
>
> See this BZ case:
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=197504
>
> The patch posted recently by Kevin C. fixes this.
>
> -- Jeff
>
>
>   
While finally getting credentials on the server for nfs the client will
not mount due to the errors described in this series of posts.
I did a yum update on FC5 several days ago and would assume that
nfs-utils would have been updated in Fedora by now but apparently
it hasn't;

>#rpm --query --all | grep nfs
nfs-utils-1.0.8-3.fc5
nfs-utils-lib-1.0.8-4.FC5
system-config-nfs-1.3.19-1

I've had dependency issues beyond description going to freshrpms, dag,
and friends in the past so I pray that this is not the solution to
this problem.  As it is right now, I appear to be in a 'bind' package
mismatch using only fedora mirrors, so immediate updates on this
server are not possible at this moment.  I removed the anonuid and
anongid options out of the exports file but I cannot see how this would
be the root of the problem.

(/etc/exports on the server)

# /etc/exports created 08/22/06 mdn

# /mnt/tmp 192.168.1.0(rw,insecure,sync)
#/mnt/home 192.168.1.0/255.255.255.0(rw,secure,async)

/srv/nfs4 gss/krb5(sync,rw,fsid=0,insecure,no_subtree_check)
/srv/nfs4 gss/krb5i(sync,rw,fsid=0,insecure,no_subtree_check)
/srv/nfs4 gss/krb5p(sync,rw,fsid=0,insecure,no_subtree_check)

#/srv/nfs4/rocinante gss/krb5(sync,rw,fsid=0,insecure,no_subtree_check,anonuid=65534,anongid=65534)
#/srv/nfs4/pegasus gss/krb5(sync,rw,fsid=0,insecure,no_subtree_check,anonuid=65534,anongid=65534)

(/etc/fstab on the client)

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/hda2       /               ext3    defaults,errors=remount-ro 0       1
/dev/hdb2       /home           ext3    defaults        0       2
/dev/hda1       none            swap    sw              0       0
/dev/hdb1       none            swap    sw              0       0
/dev/hde6       none            swap    sw              0       0
/dev/hde1       /var            ext3    defaults        0       0
/dev/hde5       /usr            ext3    defaults        0       0
/dev/hde7       /opt            ext3    defaults        0       0
/dev/hde8       /usr/src        ext3    defaults        0       0
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0
192.168.1.3:/srv/nfs4 /srv/nfs4/server1 nfs4 proto=tcp,sec=krb5,hard,intr    0       0
#192.168.1.3:/mnt/home /mnt/server1/home nfs defaults        0       0

(from the client)

Warning: rpc.idmapd appears not to be running.
         All uids will be mapped to the nobody uid.
Warning: rpc.gssd appears not to be running.
mount: block device 192.168.1.3:/srv/nfs4 is write-protected, mounting read-only
Warning: rpc.idmapd appears not to be running.
         All uids will be mapped to the nobody uid.
Warning: rpc.gssd appears not to be running.

># tail /var/log/messages (on the server)
Oct 14 02:21:59 server1 rpc.svcgssd[22411]:   01d0: 16cf d499 4e35 bc0f 2b2c aa26 989e ca8c  ....N5..+,.&....
Oct 14 02:21:59 server1 rpc.svcgssd[22411]:   01e0: 7e60 196a d587 c3bf f713 8e64 3fe9 159e  ~`.j.......d?...
Oct 14 02:21:59 server1 rpc.svcgssd[22411]:   01f0: 409a fad6 c868 23e8 bc10 d2a4 44c6 21d6  @....h#.....D.!.
Oct 14 02:21:59 server1 rpc.svcgssd[22411]:   0200: dde7 3060                                ..0`
Oct 14 02:21:59 server1 rpc.svcgssd[22411]: sname = nfs/rocinante.norwickhouse.net@NORWICKHOUSE.NET
Oct 14 02:21:59 server1 rpc.svcgssd[22411]: WARNING: get_ids: unable to map name 'nfs/rocinante.norwickhouse.net@NORWICKHOUSE.NET' to a uid
Oct 14 02:21:59 server1 rpc.svcgssd[22411]: sending null reply
Oct 14 02:21:59 server1 rpc.svcgssd[22411]:
Oct 14 02:21:59 server1 rpc.svcgssd[22411]: finished handling null request
Oct 14 02:21:59 server1 rpc.svcgssd[22411]: entering poll

mount: cannot mount block device 192.168.1.3:/srv/nfs4 read-only

I've been following the CITI docs, the mailing list, and have 4 other
kerberized services (ldap, ssh-krb5, etc...) running correctly.  NFS
without rpc.gssd works normally.  What am I doing wrong?  Should I file
another bug report to the Fedora team?
Oh, and rpc.gssd, rpc.svcgssd, and rpc.idmapd are running!

Thank You,
Michael
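
Added example, not part of the original post and not nfs-utils code: a small triage script that pulls the get_ids mapping warnings shown above out of syslog text, rejoins wrapped records, and counts them per principal. The sample lines, host name and principals are constructed, and the service-style/user-style label is only a heuristic based on whether the principal has an instance part.

```python
import re
from collections import Counter

TS = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s")   # syslog timestamp prefix
# The rpc.svcgssd warning quoted in the post; the principal is the quoted name.
WARN = re.compile(r"^\S+\s+\d+\s\S+\s(?P<host>\S+)\srpc\.svcgssd\[\d+\]:\s"
                  r"WARNING: get_ids: unable to map name '(?P<princ>[^']+)' to a uid")

def unwrap(lines):
    """Rejoin records that a mailer or terminal wrapped onto a second line."""
    out = []
    for line in lines:
        if TS.match(line) or not out:
            out.append(line.rstrip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def split_principal(princ):
    """Split primary[/instance]@REALM; instance and realm may be None."""
    name, _, realm = princ.rpartition("@")
    if not name:                      # no '@' in the string
        name, realm = realm, None
    primary, _, instance = name.partition("/")
    return primary, instance or None, realm

def triage(lines):
    """Return (host, principal, kind, realm, count) rows, most frequent first."""
    hits = Counter()
    for rec in unwrap(lines):
        m = WARN.match(rec)
        if m:
            hits[(m["host"], m["princ"])] += 1
    rows = []
    for (host, princ), n in hits.most_common():
        _, instance, realm = split_principal(princ)
        kind = "service-style" if instance else "user-style"  # heuristic label
        rows.append((host, princ, kind, realm, n))
    return rows

# Constructed sample; the first record is wrapped the way the post's log is.
SAMPLE = """\
Oct 14 02:21:59 server1 rpc.svcgssd[22411]: WARNING: get_ids: unable to
map name 'nfs/client1.example.net@EXAMPLE.NET' to a uid
Oct 14 02:21:59 server1 rpc.svcgssd[22411]: sending null reply
Oct 14 02:22:07 server1 rpc.svcgssd[22411]: WARNING: get_ids: unable to map name 'nfs/client1.example.net@EXAMPLE.NET' to a uid
Oct 14 02:23:10 server1 rpc.svcgssd[22411]: WARNING: get_ids: unable to map name 'alice@EXAMPLE.NET' to a uid
""".splitlines()
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```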



