Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Kernel (http://www.linux-archive.org/debian-kernel/)
-   -   Bug#622146: nfs-kernel-server: error Encryption type not permitted (http://www.linux-archive.org/debian-kernel/598472-bug-622146-nfs-kernel-server-error-encryption-type-not-permitted.html)

Russ Allbery 11-14-2011 07:27 PM

Bug#622146: nfs-kernel-server: error Encryption type not permitted
 
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

> P.S. But kinit gets the same ticket from KDC? Or kinit does not use the
> kernel and uses the tools of userland-level?

The NFS server, client, and KDC all have to agree on a single encryption
type, and the encryption type of the service ticket issued by the KDC to
the client has to be in an encryption type that the NFS server supports.

> root@debian:~# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: nfs/debian.sag.local@SAG.LOCAL

> Valid starting Expires Service principal
> 11/14/11 22:51:28 11/15/11 08:51:36 krbtgt/SAG.LOCAL@SAG.LOCAL
> renew until 11/15/11 22:51:28

It would be more interesting to run klist -e after attempting to contact
the server, so that you can see what the encryption type of the service
ticket for the NFS server was.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 8739dqcuwa.fsf@windlord.stanford.edu">http://lists.debian.org/8739dqcuwa.fsf@windlord.stanford.edu

"Kramarenko A. Maxim" 11-15-2011 04:35 AM

Bug#622146: nfs-kernel-server: error Encryption type not permitted
 
Russ Allbery <rra@debian.org> писал(а) в своём письме Tue, 15 Nov 2011
00:27:01 +0400:



"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:


The NFS server, client, and KDC all have to agree on a single encryption
type, and the encryption type of the service ticket issued by the KDC to
the client has to be in an encryption type that the NFS server supports.
KDC supports the types of encryption
(http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx):

AES256-CTS-HMAC-SHA1-96
AES128-CTS-HMAC-SHA1-96
RC4-HMAC
The NFS server is the core:
ARCHIV ~ # uname -a
Linux ARCHIV 2.6.39-bpo.2-686-pae #1 SMP Thu Aug 4 11:02:22 UTC 2011 i686
GNU/Linux

As you said above, it supports:
AES256-CTS-HMAC-SHA1-96
AES128-CTS-HMAC-SHA1-96
RC4-HMAC
The NFS client has a core:
root@debian:~# uname -a
Linux debian 3.0.0-1-486 #1 Sat Aug 27 15:56:48 UTC 2011 i686 GNU/Linux
It is older than the server, respectively, should also support the above
types of encryption.
(If the server and client on the kernel Linux debian 3.0.0-1-486 # 1, then
there is no error ...)


I tried to tune in krb5.conf on the client and server NFS (last letter):
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac

But still there was an error on NFS server:
Nov 14 22:54:40 archiv rpc.svcgssd[4812]: ERROR: GSS-API: error in
handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
failure. Minor code may provide more information) - No supported
encryption types (config file error?)
Nov 14 22:54:40 archiv rpc.svcgssd[4812]: ERROR: GSS-API: error in
handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
failure. Minor code may provide more information) - No supported
encryption types (config file error?)





It would be more interesting to run klist -e after attempting to contact
the server, so that you can see what the encryption type of the service
ticket for the NFS server was.


on client:

root@debian:~# kinit -k nfs/debian.sag.local
root@debian:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nfs/debian.sag.local@SAG.LOCAL

Valid starting Expires Service principal
11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL
renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac


...and on server:

ARCHIV ~ # kinit -k nfs/archiv.sag.local
ARCHIV ~ # klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nfs/archiv.sag.local@SAG.LOCAL

Valid starting Expires Service principal
11/15/11 09:26:37 11/15/11 19:26:42 krbtgt/SAG.LOCAL@SAG.LOCAL
renew until 11/16/11 09:26:37, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5


--
Best Regards



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: op.v4y244dleaxn5m@odmen.sag.local">http://lists.debian.org/op.v4y244dleaxn5m@odmen.sag.local

Russ Allbery 11-15-2011 04:54 AM

Bug#622146: nfs-kernel-server: error Encryption type not permitted
 
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

>> It would be more interesting to run klist -e after attempting to contact
>> the server, so that you can see what the encryption type of the service
>> ticket for the NFS server was.

> on client:

> root@debian:~# kinit -k nfs/debian.sag.local
> root@debian:~# klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: nfs/debian.sag.local@SAG.LOCAL

> Valid starting Expires Service principal
> 11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL
> renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac

No, this is the TGT for the client's principal. Rather than running klist
-e immediately after obtaining credentials, run kinit and then try to
access NFS (so that rpc.gssd will obtain a service ticket for the server)
and *then* run klist -e and look at what encryption type the service
ticket for nfs/archiv.sag.local@SAG.LOCAL has.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87obwe2ane.fsf@windlord.stanford.edu">http://lists.debian.org/87obwe2ane.fsf@windlord.stanford.edu

"Kramarenko A. Maxim" 11-15-2011 06:14 AM

Bug#622146: nfs-kernel-server: error Encryption type not permitted
 
Russ Allbery <rra@debian.org> писал(а) в своём письме Tue, 15 Nov 2011
09:54:29 +0400:



"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

It would be more interesting to run klist -e after attempting to
contact

the server, so that you can see what the encryption type of the service
ticket for the NFS server was.



on client:



root@debian:~# kinit -k nfs/debian.sag.local
root@debian:~# klist -e
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: nfs/debian.sag.local@SAG.LOCAL



Valid starting Expires Service principal
11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL
renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac


No, this is the TGT for the client's principal. Rather than running
klist

-e immediately after obtaining credentials, run kinit and then try to
access NFS (so that rpc.gssd will obtain a service ticket for the server)
and *then* run klist -e and look at what encryption type the service
ticket for nfs/archiv.sag.local@SAG.LOCAL has.



It's done.
On client mount and klist:

root@debian:~# mount -vvv -t nfs4 -o sec=krb5 archiv:/nfs /mnt2
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "archiv:/nfs"
mount: node: "/mnt2"
mount: types: "nfs4"
mount: opts: "sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs4"
mount: external mount: argv[1] = "archiv:/nfs"
mount: external mount: argv[2] = "/mnt2"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,sec=krb5"
mount.nfs4: timeout set for Tue Nov 15 11:09:25 2011
mount.nfs4: trying text-based options
'sec=krb5,addr=10.0.0.6,clientaddr=10.0.0.50'

mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting archiv:/nfs
root@debian:~# ls -la /tmp/
итого 8
drwxrwxrwt 4 root root 100 Ноя 15 11:07 .
drwxr-xr-x 24 root root 4096 Ноя 14 16:55 ..
drwxrwxrwt 2 root root 40 Ноя 14 12:28 .ICE-unix
-rw------- 1 root root 2444 Ноя 15 11:07 krb5cc_machine_SAG.LOCAL
drwxrwxrwt 2 root root 40 Ноя 14 12:28 .X11-unix
root@debian:~# klist -e /tmp/krb5cc_machine_SAG.LOCAL
Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL
Default principal: nfs/debian.sag.local@SAG.LOCAL

Valid starting Expires Service principal
11/15/11 11:07:25 11/15/11 21:07:28 krbtgt/SAG.LOCAL@SAG.LOCAL
renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac

11/15/11 11:07:28 11/15/11 21:07:28 nfs/archiv.sag.local@SAG.LOCAL
renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac,
arcfour-hmac



On NFS server:
ARCHIV ~ # ls -la /tmp/
итого 8
drwxrwxrwt 2 root root 4096 Ноя 15 10:41 .
drwxr-xr-x 24 root root 4096 Ноя 14 23:56 ..
ARCHIV ~ # ps aux | grep rpc
root 805 0.0 0.0 2308 920 ? Ss 00:03 0:00
/sbin/rpcbind -w

root 827 0.0 0.0 0 0 ? S< 00:03 0:00 [rpciod]
root 2089 0.0 0.0 3676 1556 ? Ss 11:04 0:00
/usr/sbin/rpc.svcgssd yes
root 2091 0.0 0.0 2668 636 ? Ss 11:04 0:00
/usr/sbin/rpc.mountd --manage-gids
statd 2132 0.0 0.0 2376 1056 ? Ss 11:05 0:00
/sbin/rpc.statd
root 2144 0.0 0.0 2612 392 ? Ss 11:05 0:00
/usr/sbin/rpc.idmapd
root 2148 0.0 0.0 3440 616 ? Ss 11:05 0:00
/usr/sbin/rpc.gssd -vvv
root 2158 0.0 0.0 3464 752 pts/0 S+ 11:09 0:00 grep
--colour=auto rpc

ARCHIV ~ # tail /var/log/daemon.log
Nov 15 11:04:51 archiv rpc.mountd[1962]: Caught signal 15, un-registering
and exiting.

Nov 15 11:04:52 archiv rpc.mountd[2091]: Version 1.2.4 starting
Nov 15 11:04:59 archiv rpc.gssd[2010]: exiting on signal 15
Nov 15 11:04:59 archiv rpc.statd[1994]: Caught signal 15, un-registering
and exiting

Nov 15 11:05:00 archiv rpc.statd[2132]: Version 1.2.4 starting
Nov 15 11:05:00 archiv sm-notify[2133]: Version 1.2.4 starting
Nov 15 11:05:00 archiv sm-notify[2133]: Already notifying clients; Exiting!
Nov 15 11:05:00 archiv rpc.gssd[2148]: beginning poll
Nov 15 11:07:28 archiv rpc.svcgssd[2089]: ERROR: GSS-API: error in
handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
failure. Minor code may provide more information) - No supported
encryption types (config file error?)
Nov 15 11:07:28 archiv rpc.svcgssd[2089]: ERROR: GSS-API: error in
handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
failure. Minor code may provide more information) - No supported
encryption types (config file error?)


On the server /tmp/krb5cc_machine_REALM not been established.
When I tried to "locally" on the NFS server to mount the exported
directory, the file has been created:


ARCHIV ~ # mount -v -t nfs4 -o sec=krb5 archiv:/nfs /mnt
mount.nfs4: timeout set for Tue Nov 15 11:14:04 2011
mount.nfs4: trying text-based options
'sec=krb5,addr=10.0.0.6,clientaddr=10.0.0.6'

mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting archiv:/nfs
ARCHIV ~ # ls -la /tmp/
итого 12
drwxrwxrwt 2 root root 4096 Ноя 15 11:12 .
drwxr-xr-x 24 root root 4096 Ноя 14 23:56 ..
-rw------- 1 root root 2444 Ноя 15 11:12 krb5cc_machine_SAG.LOCAL
ARCHIV ~ # klist -e /tmp/krb5cc_machine_SAG.LOCAL
Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL
Default principal: nfs/archiv.sag.local@SAG.LOCAL

Valid starting Expires Service principal
11/15/11 11:12:04 11/15/11 21:12:09 krbtgt/SAG.LOCAL@SAG.LOCAL
renew until 11/16/11 11:12:04, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5

11/15/11 11:12:09 11/15/11 21:12:09 nfs/archiv.sag.local@SAG.LOCAL
renew until 11/16/11 11:12:04, Etype (skey, tkt): ArcFour with
HMAC/md5, ArcFour with HMAC/md5



--
Best Regards



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: op.v4y7ppdaeaxn5m@odmen.sag.local">http://lists.debian.org/op.v4y7ppdaeaxn5m@odmen.sag.local

Russ Allbery 11-15-2011 06:21 AM

Bug#622146: nfs-kernel-server: error Encryption type not permitted
 
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

> root@debian:~# klist -e /tmp/krb5cc_machine_SAG.LOCAL
> Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL
> Default principal: nfs/debian.sag.local@SAG.LOCAL

> Valid starting Expires Service principal
> 11/15/11 11:07:25 11/15/11 21:07:28 krbtgt/SAG.LOCAL@SAG.LOCAL
> renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac
> 11/15/11 11:07:28 11/15/11 21:07:28 nfs/archiv.sag.local@SAG.LOCAL
> renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac

Okay, well, so much for that theory. I was hoping that for some reason
you were getting service tickets that weren't arcfour-hmac for some
reason, but you are, so I don't get why they wouldn't match.

> Nov 15 11:07:28 archiv rpc.svcgssd[2089]: ERROR: GSS-API: error in
> handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
> failure. Minor code may provide more information) - No supported
> encryption types (config file error?)

The only thing that I can think of at this point is that the underlying
GSS-API implementation behind rpc.svcgssd isn't supporting arcfour-hmac
for some reason. Maybe you don't have the backported version of
everything and your daemon still only supports DES somehow?

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87bosd3l7i.fsf@windlord.stanford.edu">http://lists.debian.org/87bosd3l7i.fsf@windlord.stanford.edu

"Kramarenko A. Maxim" 11-15-2011 06:37 AM

Bug#622146: nfs-kernel-server: error Encryption type not permitted
 
Russ Allbery <rra@debian.org> писал(а) в своём письме Tue, 15 Nov 2011 11:21:05 +0400:


"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

The only thing that I can think of at this point is that the underlying
GSS-API implementation behind rpc.svcgssd isn't supporting arcfour-hmac
for some reason. Maybe you don't have the backported version of
everything and your daemon still only supports DES somehow?


These are versions of the software on the NFS server:

ARCHIV ~ # dpkg -l | grep krb
ii krb5-config 2.2 Configuration files for Kerberos Version 5
ii krb5-user 1.8.3+dfsg-4squeeze2 Basic programs to authenticate using MIT Kerberos
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
ii libkrb5support0 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Support library
ARCHIV ~ # dpkg -l | grep gss
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libgssglue1 0.1-4 mechanism-switch gssapi library
ii libgssrpc4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - GSS enabled ONCRPC
ii librpcsecgss3 0.19-2 allows secure rpc communication using the rpcsec_gss protocol
ARCHIV ~ # dpkg -l | grep -i mit
ii krb5-user 1.8.3+dfsg-4squeeze2 Basic programs to authenticate using MIT Kerberos
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libgssrpc4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - GSS enabled ONCRPC
ii libk5crypto3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Crypto Library
ii libkadm5clnt-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Administration Clients
rc libkadm5srv-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - KDC and Admin Server
rc libkdb5-4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Kerberos database
ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries
ii libkrb5support0 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Support library
ARCHIV ~ # dpkg -l | grep -i nfs
ii liblockfile1 1.08-4 NFS-safe locking library, includes dotlockfile program
ii libnfsidmap2 0.23-2 An nfs idmapping library
ii nfs-common 1:1.2.4-1~bpo60+1 NFS support files common to client and server
ii nfs-kernel-server 1:1.2.4-1~bpo60+1 support for NFS kernel server

Can cost from backporting upgrade krb5-user?

--
Best Regards,
Mc.Sim.
http://www.k-max.name/



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: op.v4y8r6zjeaxn5m@odmen.sag.local">http://lists.debian.org/op.v4y8r6zjeaxn5m@odmen.sag.local

"Kramarenko A. Maxim" 11-17-2011 06:22 AM

Bug#622146: nfs-kernel-server: error Encryption type not permitted
 
I upgraded krb5-user from the repository, backports, but the error remained the same:

ARCHIV ~ # dpkg -l | grep -i mit
ii krb5-user 1.9.1+dfsg-3 Basic programs to authenticate using MIT Ke
ii libgssapi-krb5-2 1.9.1+dfsg-3 MIT Kerberos runtime libraries - krb5 GSS-A
ii libgssrpc4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - GSS enable
ii libk5crypto3 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Crypto Lib
ii libkadm5clnt-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Administra
ii libkadm5clnt-mit8 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Administra
rc libkadm5srv-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - KDC and Ad
ii libkadm5srv-mit8 1.9.1+dfsg-3 MIT Kerberos runtime libraries - KDC and Ad
rc libkdb5-4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Kerberos d
ii libkdb5-5 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Kerberos d
ii libkrb5-3 1.9.1+dfsg-3 MIT Kerberos runtime libraries
ii libkrb5support0 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Support li
ARCHIV ~ # echo startingmount >> /var/log/daemon.log
ARCHIV ~ # mount -v -t nfs4 -o sec=krb5 archiv:/nfs /mnt
mount.nfs4: timeout set for Thu Nov 17 11:22:49 2011
mount.nfs4: trying text-based options 'sec=krb5,addr=10.0.0.6,clientaddr=10.0.0.6'
mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting archiv:/nfs
ARCHIV ~ # grep -A500 startingmount /var/log/daemon.log
startingmount
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd3618c data 0xbfd3620c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd3809c data 0xbfd3811c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6)
Nov 17 11:20:49 archiv rpc.gssd[846]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
Nov 17 11:20:49 archiv rpc.gssd[846]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6)
Nov 17 11:20:49 archiv rpc.gssd[846]: process_krb5_upcall: service is '<null>'
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.SAG.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.sag.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'ARCHIV$@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'root/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Success getting keytab entry for 'nfs/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds
Nov 17 11:20:49 archiv rpc.gssd[846]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context using fsuid 0 (save_uid 0)
Nov 17 11:20:49 archiv rpc.gssd[846]: creating tcp client for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: DEBUG: port already set to 2049
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context with server nfs@archiv.SAG.local
Nov 17 11:20:49 archiv rpc.svcgssd[13849]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?)
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create krb5 context for user with uid 0 for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.SAG.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.sag.local' is 'archiv.sag.local'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'ARCHIV$@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'root/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: Success getting keytab entry for 'nfs/archiv.sag.local@SAG.LOCAL'
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655
Nov 17 11:20:49 archiv rpc.gssd[846]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds
Nov 17 11:20:49 archiv rpc.gssd[846]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context using fsuid 0 (save_uid 0)
Nov 17 11:20:49 archiv rpc.gssd[846]: creating tcp client for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: DEBUG: port already set to 2049
Nov 17 11:20:49 archiv rpc.gssd[846]: creating context with server nfs@archiv.SAG.local
Nov 17 11:20:49 archiv rpc.svcgssd[13849]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?)
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create krb5 context for user with uid 0 for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with any credentials cache for server archiv.SAG.local
Nov 17 11:20:49 archiv rpc.gssd[846]: doing error downcall
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c
Nov 17 11:20:49 archiv rpc.gssd[846]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt7
Nov 17 11:20:49 archiv rpc.gssd[846]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6
ARCHIV ~ #

May have someone else any advice?


--
Best Regards,
Mc.Sim.
http://www.k-max.name/



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: op.v42xfxy8eaxn5m@odmen.sag.local">http://lists.debian.org/op.v42xfxy8eaxn5m@odmen.sag.local


All times are GMT. The time now is 07:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.