tor 2010-10-21 klockan 10:34 -0700 skrev James A. Peltier:
----- Original Message -----
[...]
Please post a copy of your /etc/* files listed above so that we might be able to look to make sure everything is correct. You may want to look at ensuring that
SECURE_NFS="yes" RPCGSSDARGS="-vvv" RPCSVCGSSDARGS="-vvv"
is uncommented in /etc/sysconfig/nfs
Only the first line was uncommented previously. With all three, I get this in /var/log/messages:
Oct 22 09:45:46 pc13287 kernel: FS-Cache: Loaded Oct 22 09:45:46 pc13287 rpc.gssd[2609]: handling krb5 upcall Oct 22 09:45:46 pc13287 rpc.gssd[2609]: Using keytab file '/etc/krb5.keytab' Oct 22 09:45:46 pc13287 rpc.gssd[2609]: INFO: Credentials in CC 'MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE' are good until 1287817962 Oct 22 09:45:46 pc13287 rpc.gssd[2609]: using MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE as credentials cache for machine creds Oct 22 09:45:46 pc13287 rpc.gssd[2609]: using environment variable to select krb5 ccache MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE Oct 22 09:45:46 pc13287 rpc.gssd[2609]: creating context using fsuid 0 (save_uid 0) Oct 22 09:45:46 pc13287 rpc.gssd[2609]: creating tcp client for server triangulum.ifm.liu.se Oct 22 09:45:46 pc13287 rpc.gssd[2609]: creating context with server nfs@triangulum.ifm.liu.se Oct 22 09:45:46 pc13287 rpc.gssd[2609]: rpcsec_gss: gss_init_sec_context: (major) Unspecified GSS failure. Minor code may provide more information - (minor) Unknown code krb5 60 Oct 22 09:45:46 pc13287 rpc.gssd[2609]: WARNING: Failed to create krb5 context for user with uid 0 for server triangulum.ifm.liu.se Oct 22 09:45:46 pc13287 rpc.gssd[2609]: WARNING: Failed to create krb5 context for user with uid 0 with credentials cache MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE for server triangulum.ifm.liu.se Oct 22 09:45:46 pc13287 rpc.gssd[2609]: WARNING: Failed to create krb5 context for user with uid 0 with any credentials cache for server triangulum.ifm.liu.se Oct 22 09:45:46 pc13287 rpc.gssd[2609]: doing error downcall Oct 22 09:45:46 pc13287 rpc.gssd[2609]: destroying client clnt1 Oct 22 09:45:46 pc13287 rpc.gssd[2609]: destroying client clnt0
I started tail -f on the log and then ran ssh hans@pc13287 in another window. All the above appeared immediately, before I had entered any password (and nothing was logged after entering the password).
There might be others missing but we would be able to help best if we know the contents of these files
# grep -v '^#' /etc/sysconfig/nfs SECURE_NFS="yes" RPCGSSDARGS="-vvv" RPCSVCGSSDARGS="-vvv"
# cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 130.236.170.165 pc13287 130.236.160.4 loghost.ifm.liu.se loghost
# cat /etc/idmapd.conf [General]
Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = ifm.liu.se
[Mapping]
Nobody-User = nobody Nobody-Group = nobody
[Translation] Method = nsswitch
# cat /etc/krb5.conf [libdefaults] default_realm = IFM.LIU.SE default_tgs_enctypes = des-cbc-md5 default_tkt_enctypes = des-cbc-md5 # udp_preference_limit = 0 dns_lookup_realm = false dns_lookup_kdc = false allow_weak_crypto = true
[realms] IFM.LIU.SE = { kdc = as-slave-1.ifm.liu.se kdc = as-slave-2.ifm.liu.se kdc = as-master.ifm.liu.se admin_server = as-master.ifm.liu.se } [... other realms deleted ...]
[domain_realm] .edu.isy.liu.se = STUDENT.LIU.SE .edu.ifm.liu.se = STUDENT.LIU.SE .edu.mai.liu.se = STUDENT.LIU.SE .ad.ifm.liu.se = AD.IFM.LIU.SE ifm.liu.se = IFM.LIU.SE .ifm.liu.se = IFM.LIU.SE isy.liu.se = ISY.LIU.SE .isy.liu.se = ISY.LIU.SE lysator.liu.se = LYSATOR.LIU.SE .lysator.liu.se = LYSATOR.LIU.SE .liu.se = AD.LIU.SE
[logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log kdc_rotate = { period = 1d versions = 10 }
[appdefaults] kinit = { renewable = true forwardable= true } gkadmin = { help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195 }
# cat /etc/host.conf order hosts,bind
# grep -v '^#' /etc/nsswitch.conf passwd: files nis shadow: files nis group: files nis hosts: files nis dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files nis publickey: nisplus automount: files nis aliases: files nisplus
# cat /etc/resolv.conf ; generated by /sbin/dhclient-script search ad.ifm.liu.se nameserver 130.236.168.6 nameserver 130.236.168.7 nameserver 130.236.160.3
And while we're at it, this is how DNS looks:
# hostname pc13287 # nslookup pc13287 Server: 130.236.168.6 Address: 130.236.168.6#53
Name: pc13287.ad.ifm.liu.se Address: 130.236.170.165
# nslookup 130.236.170.165 Server: 130.236.168.6 Address: 130.236.168.6#53
165.170.236.130.in-addr.arpa name = pc13287.ad.ifm.liu.se.
Hans