NFSv4+Kerberos: Special device does not exist

Johan Marcusson independence at blinkenlights.se
Fri Mar 9 13:04:30 EST 2007 

Yes, I was able to mount without -o sec=krb5:
indy independence # mount -v -t nfs4 saturn:/ /mnt/remote1/
saturn:/ on /mnt/remote1 type nfs4 (rw,addr=192.168.0.1)

With -o sec=krb5 gssd with -m -vvvf gave this output:
Using keytab file '/etc/krb5.keytab'
Processing keytab entry for principal
'nfs/indy.marcusson.local at MARCUSSON.LOCAL'
We will use this entry (nfs/indy.marcusson.local at MARCUSSON.LOCAL)
Using (machine) credentials cache:
'FILE:/tmp/krb5cc_machine_MARCUSSON.LOCAL'
destroying client clnt15
handling krb5 upcall
Using keytab file '/etc/krb5.keytab'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_MARCUSSON.LOCAL' are
good until 1173549497
using FILE:/tmp/krb5cc_machine_MARCUSSON.LOCAL as credentials cache for
machine creds
using environment variable to select krb5 ccache
FILE:/tmp/krb5cc_machine_MARCUSSON.LOCAL
creating context using fsuid 0 (save_uid 0)
creating tcp client for server saturn.marcusson.local
creating context with server nfs at saturn.marcusson.local
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length
8
doing downcall
destroying client clnt16

svcgssd on the server gave this output with -vvvf:
entering poll
leaving poll
handling null request
readline: read 1080 chars into buffer of size 2048:
\x
\x6082021506092a864886f71201020201006e82020430820200a003020105a10302010ea20703050020000000a38201286182012430820120a003020105a1111b0f4d4152435553534f4e2e4c4f43414ca2283026a003020103a11f301d1b036e66731b1673617475726e2e6d6172637573736f6e2e6c6f63616ca381db3081d8a003020101a103020103a281cb0481c810e580e3f6a37d10715bb98f2727666466e60a6cd8dd36d83e932e01137a86c1d533e0cace4af473489a3b073a60225234650bd98cb523f06a370250d0bf4a185edef3edcd891bfa35a677...
in_handle: 
length 0

in_tok: 
length 537

  0000: 6082 0215 0609 2a86 4886 f712 0102 0201  `.....*.H.......
  0010: 006e 8202 0430 8202 00a0 0302 0105 a103  .n...0..........
  0020: 0201 0ea2 0703 0500 2000 0000 a382 0128  ........ ......(
  0030: 6182 0124 3082 0120 a003 0201 05a1 111b  a..$0.. ........
  0040: 0f4d 4152 4355 5353 4f4e 2e4c 4f43 414c  .MARCUSSON.LOCAL
  0050: a228 3026 a003 0201 03a1 1f30 1d1b 036e  .(0&.......0...n
  0060: 6673 1b16 7361 7475 726e 2e6d 6172 6375  fs..saturn.marcu
  0070: 7373 6f6e 2e6c 6f63 616c a381 db30 81d8  sson.local...0..
  0080: a003 0201 01a1 0302 0103 a281 cb04 81c8  ................
  0090: 10e5 80e3 f6a3 7d10 715b b98f 2727 6664  ......}.q[..''fd
  00a0: 66e6 0a6c d8dd 36d8 3e93 2e01 137a 86c1  f..l..6.>....z..
  00b0: d533 e0ca ce4a f473 489a 3b07 3a60 2252  .3...J.sH.;.:`"R
  00c0: 3465 0bd9 8cb5 23f0 6a37 0250 d0bf 4a18  4e....#.j7.P..J.
  00d0: 5ede f3ed cd89 1bfa 35a6 77a8 243f 7b48  ^.......5.w.$?{H
  00e0: 9d0f 5131 d7b8 1c26 b3a6 89bb 3fd2 15fe  ..Q1...&....?...
  00f0: 4ace fdfb 7ab7 d046 6ef9 e386 d7d7 c620  J...z..Fn...... 
  0100: e5bf c488 435c 1342 fb04 00f2 76dd ef62  ....C\.B....v..b
  0110: 42df c170 b561 29fc ffc3 898e 83d9 5efc  B..p.a).......^.
  0120: 43ab f2af 367b 2533 3fd1 1de6 6fc5 a333  C...6{%3?...o..3
  0130: b727 623d d92b 9cfd 3f2b dee2 a7e8 ee7e  .'b=.+..?+.....~
  0140: 6a3d d962 ddbc 0d25 b547 de1d 23b6 8f10  j=.b...%.G..#...
  0150: 914f 531d 0562 de65 a481 be30 81bb a003  .OS..b.e...0....
  0160: 0201 01a2 81b3 0481 b0c1 7f76 a134 1bc0  ...........v.4..
  0170: 6e27 ee70 055e dda8 c12b 6268 345e 44e4  n'.p.^...+bh4^D.
  0180: 55c1 e270 df55 6528 c73b 0558 7bf5 627d  U..p.Ue(.;.X{.b}
  0190: cb41 9eba 428a 8678 979b aa11 dd91 88a1  .A..B..x........
  01a0: ab33 12f4 28e7 e8d5 b4a9 b02b c64d 8cba  .3..(......+.M..
  01b0: 896c 87c2 8b88 e87d b675 410f f593 36ab  .l.....}.uA...6.
  01c0: c131 18d8 fd82 0e4b ba5e b10f 0532 13f7  .1.....K.^...2..
  01d0: 6c05 0e75 cc50 bffe 04cf e045 fa12 1f3e  l..u.P.....E...>
  01e0: 4200 6518 bb67 c641 1ae8 e44f c8bf 7cd0  B.e..g.A...O..|.
  01f0: 4a83 56cc bac4 ed46 7e15 2b47 36a4 4950  J.V....F~.+G6.IP
  0200: 4411 afae 437e f70e 3bc0 a81c 024f e2a2  D...C~..;....O..
  0210: 3277 a471 7ff3 45e1 9d                   2w.q..E..
sname = nfs/indy.marcusson.local at MARCUSSON.LOCAL
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length
8
doing downcall
\x01000000 2147483647 -1 -1 0 krb5
\x000000000000000080a15850f0f005083899625bf9374d500000000000000000b9f1f2450c45ef2f090000002a864886f7120102020400000008000000e08515e69ead864304000000080000001075e5166e5d76b3 
sending null reply
writing message: \x
\x6082021506092a864886f71201020201006e82020430820200a003020105a10302010ea20703050020000000a38201286182012430820120a003020105a1111b0f4d4152435553534f4e2e4c4f43414ca2283026a003020103a11f301d1b036e66731b1673617475726e2e6d6172637573736f6e2e6c6f63616ca381db3081d8a003020101a103020103a281cb0481c810e580e3f6a37d10715bb98f2727666466e60a6cd8dd36d83e932e01137a86c1d533e0cace4af473489a3b073a60225234650bd98cb523f06a370250d0bf4a185edef3edcd891bfa35a677a8243f7b489d0f5131d7b81c26b3a689bb3...
finished handling null request
entering poll



And the exports on the server look like this:
/export
*(rw,fsid=0,insecure,no_subtree_check,anonuid=65534,anongid=65534)

/export/raid5-storage
gss/krb5(sync,ro,nohide,insecure,no_subtree_check,anonuid=65534,anongid=65534)


Thanks

fre 2007-03-09 klockan 10:15 -0500 skrev Kevin Coffman:
> Are you able to mount with auth_sys?  (leave off "-o sec=krb5")
> 
> What does your /etc/exports look like on the server?
> 
> Enable verbose logging ("-vvv") for rpc.gssd on the client and
> rpc.svcgssd on the server and send their output.
> 
> K.C.
> 
> On 3/8/07, Johan Marcusson <independence at blinkenlights.se> wrote:
> > I've been trying to set up Kerberos5 and NFSv4, but I can't mount the
> > filesystem on my client. I get this when I try to mount:
> >
> > indy independence # mount -v -t nfs4 -o sec=krb5 saturn:/ /mnt/remote1/
> > mount: special device saturn:/ does not exist
> >
> > gssd reports:
> > Using keytab file '/etc/krb5.keytab'
> > doing downcall
> >
> > and in /var/log/messages I get this:
> > Mar  9 05:01:20 indy rpc.idmapd[9967]: New client: 12
> > Mar  9 05:01:20 indy rpc.idmapd[9967]:
> > Opened /var/lib/nfs/rpc_pipefs/nfs/clnt12/idmap
> > Mar  9 05:01:20 indy rpc.idmapd[9967]: Stale client: 12
> > Mar  9 05:01:20 indy rpc.idmapd[9967]:  ->
> > closed /var/lib/nfs/rpc_pipefs/nfs/clnt12/idmap
> >
> > idmapd doesn't say anything at all.
> >
> > I don't see anything strange there, but maybe I'm missing something
> > obvious?
> >
> > I have added the principal on the server, and made the keytab-files.
> >
> > I have mounted the virtual filesystems, nfsd and rpc_pipefs. I have
> > followed the instructions carefully. I do run all the services required
> > on both client and server.
> >
> > klist -k lists:
> >    3 nfs/indy.marcusson.local at MARCUSSON.LOCAL
> >
> > on the client, and:
> >    3 nfs/saturn.marcusson.local at MARCUSSON.LOCAL
> >
> > on the server.
> >
> > The names saturn and indy is resolvable, and they've both got working
> > reverse DNS-thingys. The client's /etc/hosts is almost empty, I wasn't
> > sure if I was supposed to att anything there (felt redundant):
> >
> > 127.0.0.1       localhost
> >
> >
> > On the server, nothing shows up in the syslog.
> >
> > Please help me, I've googled for answers for a really long time now but
> > I can find anything useful :/
> >
> > Regards, Johan
> >
> > _______________________________________________
> > NFSv4 mailing list
> > NFSv4 at linux-nfs.org
> > http://linux-nfs.org/cgi-bin/mailman/listinfo/nfsv4
> >
> >
>

More information about the NFSv4 mailing list