RPC: AUTH_GSS upcall timed out -- out of ideas
Kevin Coffman
kwc at citi.umich.edu
Sat Oct 14 06:37:07 EDT 2006
On 10/13/06, Andri <aoeuid at gmail.com> wrote:
> Hey!
>
> Been wrestling with Kerberos and NFS for the last few days, and haven't
> been successful yet, so I'm hoping someone with a bit more knowledge
> could point out the thing I've missed :)
>
> Trying to connect a Gentoo machine (client) with a Debian Etch (server,
> NFS and Kerberos), yet every time I'm greeted with:
> RPC: AUTH_GSS upcall timed out.
> Please check user daemon is running!
> -- in the syslog when trying to mount. NFS without -o sec=krb5 works fine.
>
> I don't have prior experience with Kerberos, so I'm not very sure what
> each service does, as I haven't found that much info on the internals of
> it all.. yet:
> Just in case I ran rpc.gssd on both, rpc.svcgssd runs on the server,
> idmap, and other also, which all get executed by the init.d nfs, krb5
> scripts.
> I created both the host/client at REALM and nfs/client at REALM princs, and
> exported them both to a /etc/krb5.keytab on the client, then added the
> (host/nfs)/server at REALM and exported them to the server's /etc/krb5.keytab.
> Kinit seems to work, also starting gssd on the client prints this to the
> krb5 log files on the server, so I take it that at least something works
> (if, of course, I'm interpreting it correctly :)):
> krb5kdc[24413](info): AS_REQ (1 etypes {1}) 10.0.1.1: ISSUE: authtime
> 1160771109, etypes {rep=1 tkt=1 ses=1}, nfs/client at REALM for
> krbtgt/REALM at REALM
>
> I've tried to follow the few HOWTO-s I've found on the Kerberos and NFS
> subject, and even found a posting about that upcall failed error that
> someone was connecting with a missing /etc/hosts entry, but those
> haven't yet helped me solve the issue, unfortunately.
>
> I can see some packets moving: the lats before the FIN packets from the
> client's side are NFS NULL packets -- the server sends a null reply to a
> request, but as I'm not familiar with the NFS protocol, don't know if
> that's important.
>
> If it's of any help, I'll add the versions of the packages I could see
> and find being relevant.
> Debian Etch (server):
> nfs-kernel-server/etch uptodate 1:1.0.10-1
> nfs-common/etch uptodate 1:1.0.10-1
> libnfsidmap2/etch uptodate 0.17-3
> libgssapi2/etch uptodate 0.10-3
> librpcsecgss3/etch uptodate 0.14-2
>
> Gentoo (client) has:
> net-fs/nfs-utils v1.0.10
> sys-kernel/gentoo-sources v2.6.18 with CONFIG_RPCSEC_GSS_KRB5=y
> net-libs/librpcsecgss v0.14-r1
> app-crypt/libgssapi v0.10
> net-libs/libnfsidmap v0.17
>
> Gssd on the client also throws a warning:
> WARNING: gssd_obtain_kernel_krb5_info: Unable to open
> '/var/lib/nfs/rpc_pipefs/nfs/krb5_info'. Unable to determine Kerberos
> encryption types supported by the kernel; using defaults (1,3,2).
> ..yet reading it on this list says that's not important.
>
> Hopefully someone can point out the single thing I've missed that would
> make everything work as a charm.
>
>
> Thank you in advance!
>
>
> Andri
Please send the (remaining) info requested here:
http://www.citi.umich.edu/projects/nfsv4/linux/faq/#kerberos
More information about the NFSv4
mailing list