Bug#622146: nfs-kernel-server: error Encryption type not permitted
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:
> P.S. But kinit gets the same ticket from KDC? Or kinit does not use the > kernel and uses the tools of userland-level? The NFS server, client, and KDC all have to agree on a single encryption type, and the encryption type of the service ticket issued by the KDC to the client has to be in an encryption type that the NFS server supports. > root@debian:~# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: nfs/debian.sag.local@SAG.LOCAL > Valid starting Expires Service principal > 11/14/11 22:51:28 11/15/11 08:51:36 krbtgt/SAG.LOCAL@SAG.LOCAL > renew until 11/15/11 22:51:28 It would be more interesting to run klist -e after attempting to contact the server, so that you can see what the encryption type of the service ticket for the NFS server was. -- Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 8739dqcuwa.fsf@windlord.stanford.edu">http://lists.debian.org/8739dqcuwa.fsf@windlord.stanford.edu |
Bug#622146: nfs-kernel-server: error Encryption type not permitted
Russ Allbery <rra@debian.org> писал(а) в своём письме Tue, 15 Nov 2011
00:27:01 +0400: "Kramarenko A. Maxim" <mc-sim85@ya.ru> writes: The NFS server, client, and KDC all have to agree on a single encryption type, and the encryption type of the service ticket issued by the KDC to the client has to be in an encryption type that the NFS server supports. KDC supports the types of encryption (http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx): AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 RC4-HMAC The NFS server is the core: ARCHIV ~ # uname -a Linux ARCHIV 2.6.39-bpo.2-686-pae #1 SMP Thu Aug 4 11:02:22 UTC 2011 i686 GNU/Linux As you said above, it supports: AES256-CTS-HMAC-SHA1-96 AES128-CTS-HMAC-SHA1-96 RC4-HMAC The NFS client has a core: root@debian:~# uname -a Linux debian 3.0.0-1-486 #1 Sat Aug 27 15:56:48 UTC 2011 i686 GNU/Linux It is older than the server, respectively, should also support the above types of encryption. (If the server and client on the kernel Linux debian 3.0.0-1-486 # 1, then there is no error ...) I tried to tune in krb5.conf on the client and server NFS (last letter): default_tkt_enctypes = rc4-hmac default_tgs_enctypes = rc4-hmac permitted_enctypes = rc4-hmac But still there was an error on NFS server: Nov 14 22:54:40 archiv rpc.svcgssd[4812]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) Nov 14 22:54:40 archiv rpc.svcgssd[4812]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) It would be more interesting to run klist -e after attempting to contact the server, so that you can see what the encryption type of the service ticket for the NFS server was. on client: root@debian:~# kinit -k nfs/debian.sag.local root@debian:~# klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: nfs/debian.sag.local@SAG.LOCAL Valid starting Expires Service principal 11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac, arcfour-hmac ...and on server: ARCHIV ~ # kinit -k nfs/archiv.sag.local ARCHIV ~ # klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: nfs/archiv.sag.local@SAG.LOCAL Valid starting Expires Service principal 11/15/11 09:26:37 11/15/11 19:26:42 krbtgt/SAG.LOCAL@SAG.LOCAL renew until 11/16/11 09:26:37, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 -- Best Regards -- To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: op.v4y244dleaxn5m@odmen.sag.local">http://lists.debian.org/op.v4y244dleaxn5m@odmen.sag.local |
Bug#622146: nfs-kernel-server: error Encryption type not permitted
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:
>> It would be more interesting to run klist -e after attempting to contact >> the server, so that you can see what the encryption type of the service >> ticket for the NFS server was. > on client: > root@debian:~# kinit -k nfs/debian.sag.local > root@debian:~# klist -e > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: nfs/debian.sag.local@SAG.LOCAL > Valid starting Expires Service principal > 11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL > renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac, > arcfour-hmac No, this is the TGT for the client's principal. Rather than running klist -e immediately after obtaining credentials, run kinit and then try to access NFS (so that rpc.gssd will obtain a service ticket for the server) and *then* run klist -e and look at what encryption type the service ticket for nfs/archiv.sag.local@SAG.LOCAL has. -- Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 87obwe2ane.fsf@windlord.stanford.edu">http://lists.debian.org/87obwe2ane.fsf@windlord.stanford.edu |
Bug#622146: nfs-kernel-server: error Encryption type not permitted
Russ Allbery <rra@debian.org> писал(а) в своём письме Tue, 15 Nov 2011
09:54:29 +0400: "Kramarenko A. Maxim" <mc-sim85@ya.ru> writes: It would be more interesting to run klist -e after attempting to contact the server, so that you can see what the encryption type of the service ticket for the NFS server was. on client: root@debian:~# kinit -k nfs/debian.sag.local root@debian:~# klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: nfs/debian.sag.local@SAG.LOCAL Valid starting Expires Service principal 11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac, arcfour-hmac No, this is the TGT for the client's principal. Rather than running klist -e immediately after obtaining credentials, run kinit and then try to access NFS (so that rpc.gssd will obtain a service ticket for the server) and *then* run klist -e and look at what encryption type the service ticket for nfs/archiv.sag.local@SAG.LOCAL has. It's done. On client mount and klist: root@debian:~# mount -vvv -t nfs4 -o sec=krb5 archiv:/nfs /mnt2 mount: fstab path: "/etc/fstab" mount: mtab path: "/etc/mtab" mount: lock path: "/etc/mtab~" mount: temp path: "/etc/mtab.tmp" mount: UID: 0 mount: eUID: 0 mount: spec: "archiv:/nfs" mount: node: "/mnt2" mount: types: "nfs4" mount: opts: "sec=krb5" mount: external mount: argv[0] = "/sbin/mount.nfs4" mount: external mount: argv[1] = "archiv:/nfs" mount: external mount: argv[2] = "/mnt2" mount: external mount: argv[3] = "-v" mount: external mount: argv[4] = "-o" mount: external mount: argv[5] = "rw,sec=krb5" mount.nfs4: timeout set for Tue Nov 15 11:09:25 2011 mount.nfs4: trying text-based options 'sec=krb5,addr=10.0.0.6,clientaddr=10.0.0.50' mount.nfs4: mount(2): Permission denied mount.nfs4: access denied by server while mounting archiv:/nfs root@debian:~# ls -la /tmp/ итого 8 drwxrwxrwt 4 root root 100 Ноя 15 11:07 . drwxr-xr-x 24 root root 4096 Ноя 14 16:55 .. drwxrwxrwt 2 root root 40 Ноя 14 12:28 .ICE-unix -rw------- 1 root root 2444 Ноя 15 11:07 krb5cc_machine_SAG.LOCAL drwxrwxrwt 2 root root 40 Ноя 14 12:28 .X11-unix root@debian:~# klist -e /tmp/krb5cc_machine_SAG.LOCAL Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL Default principal: nfs/debian.sag.local@SAG.LOCAL Valid starting Expires Service principal 11/15/11 11:07:25 11/15/11 21:07:28 krbtgt/SAG.LOCAL@SAG.LOCAL renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac, arcfour-hmac 11/15/11 11:07:28 11/15/11 21:07:28 nfs/archiv.sag.local@SAG.LOCAL renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac, arcfour-hmac On NFS server: ARCHIV ~ # ls -la /tmp/ итого 8 drwxrwxrwt 2 root root 4096 Ноя 15 10:41 . drwxr-xr-x 24 root root 4096 Ноя 14 23:56 .. ARCHIV ~ # ps aux | grep rpc root 805 0.0 0.0 2308 920 ? Ss 00:03 0:00 /sbin/rpcbind -w root 827 0.0 0.0 0 0 ? S< 00:03 0:00 [rpciod] root 2089 0.0 0.0 3676 1556 ? Ss 11:04 0:00 /usr/sbin/rpc.svcgssd yes root 2091 0.0 0.0 2668 636 ? Ss 11:04 0:00 /usr/sbin/rpc.mountd --manage-gids statd 2132 0.0 0.0 2376 1056 ? Ss 11:05 0:00 /sbin/rpc.statd root 2144 0.0 0.0 2612 392 ? Ss 11:05 0:00 /usr/sbin/rpc.idmapd root 2148 0.0 0.0 3440 616 ? Ss 11:05 0:00 /usr/sbin/rpc.gssd -vvv root 2158 0.0 0.0 3464 752 pts/0 S+ 11:09 0:00 grep --colour=auto rpc ARCHIV ~ # tail /var/log/daemon.log Nov 15 11:04:51 archiv rpc.mountd[1962]: Caught signal 15, un-registering and exiting. Nov 15 11:04:52 archiv rpc.mountd[2091]: Version 1.2.4 starting Nov 15 11:04:59 archiv rpc.gssd[2010]: exiting on signal 15 Nov 15 11:04:59 archiv rpc.statd[1994]: Caught signal 15, un-registering and exiting Nov 15 11:05:00 archiv rpc.statd[2132]: Version 1.2.4 starting Nov 15 11:05:00 archiv sm-notify[2133]: Version 1.2.4 starting Nov 15 11:05:00 archiv sm-notify[2133]: Already notifying clients; Exiting! Nov 15 11:05:00 archiv rpc.gssd[2148]: beginning poll Nov 15 11:07:28 archiv rpc.svcgssd[2089]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) Nov 15 11:07:28 archiv rpc.svcgssd[2089]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) On the server /tmp/krb5cc_machine_REALM not been established. When I tried to "locally" on the NFS server to mount the exported directory, the file has been created: ARCHIV ~ # mount -v -t nfs4 -o sec=krb5 archiv:/nfs /mnt mount.nfs4: timeout set for Tue Nov 15 11:14:04 2011 mount.nfs4: trying text-based options 'sec=krb5,addr=10.0.0.6,clientaddr=10.0.0.6' mount.nfs4: mount(2): Permission denied mount.nfs4: access denied by server while mounting archiv:/nfs ARCHIV ~ # ls -la /tmp/ итого 12 drwxrwxrwt 2 root root 4096 Ноя 15 11:12 . drwxr-xr-x 24 root root 4096 Ноя 14 23:56 .. -rw------- 1 root root 2444 Ноя 15 11:12 krb5cc_machine_SAG.LOCAL ARCHIV ~ # klist -e /tmp/krb5cc_machine_SAG.LOCAL Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL Default principal: nfs/archiv.sag.local@SAG.LOCAL Valid starting Expires Service principal 11/15/11 11:12:04 11/15/11 21:12:09 krbtgt/SAG.LOCAL@SAG.LOCAL renew until 11/16/11 11:12:04, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 11/15/11 11:12:09 11/15/11 21:12:09 nfs/archiv.sag.local@SAG.LOCAL renew until 11/16/11 11:12:04, Etype (skey, tkt): ArcFour with HMAC/md5, ArcFour with HMAC/md5 -- Best Regards -- To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: op.v4y7ppdaeaxn5m@odmen.sag.local">http://lists.debian.org/op.v4y7ppdaeaxn5m@odmen.sag.local |
Bug#622146: nfs-kernel-server: error Encryption type not permitted
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:
> root@debian:~# klist -e /tmp/krb5cc_machine_SAG.LOCAL > Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL > Default principal: nfs/debian.sag.local@SAG.LOCAL > Valid starting Expires Service principal > 11/15/11 11:07:25 11/15/11 21:07:28 krbtgt/SAG.LOCAL@SAG.LOCAL > renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac, > arcfour-hmac > 11/15/11 11:07:28 11/15/11 21:07:28 nfs/archiv.sag.local@SAG.LOCAL > renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac, > arcfour-hmac Okay, well, so much for that theory. I was hoping that for some reason you were getting service tickets that weren't arcfour-hmac for some reason, but you are, so I don't get why they wouldn't match. > Nov 15 11:07:28 archiv rpc.svcgssd[2089]: ERROR: GSS-API: error in > handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS > failure. Minor code may provide more information) - No supported > encryption types (config file error?) The only thing that I can think of at this point is that the underlying GSS-API implementation behind rpc.svcgssd isn't supporting arcfour-hmac for some reason. Maybe you don't have the backported version of everything and your daemon still only supports DES somehow? -- Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 87bosd3l7i.fsf@windlord.stanford.edu">http://lists.debian.org/87bosd3l7i.fsf@windlord.stanford.edu |
Bug#622146: nfs-kernel-server: error Encryption type not permitted
Russ Allbery <rra@debian.org> писал(а) в своём письме Tue, 15 Nov 2011 11:21:05 +0400:
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes: The only thing that I can think of at this point is that the underlying GSS-API implementation behind rpc.svcgssd isn't supporting arcfour-hmac for some reason. Maybe you don't have the backported version of everything and your daemon still only supports DES somehow? These are versions of the software on the NFS server: ARCHIV ~ # dpkg -l | grep krb ii krb5-config 2.2 Configuration files for Kerberos Version 5 ii krb5-user 1.8.3+dfsg-4squeeze2 Basic programs to authenticate using MIT Kerberos ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries ii libkrb5support0 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Support library ARCHIV ~ # dpkg -l | grep gss ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libgssglue1 0.1-4 mechanism-switch gssapi library ii libgssrpc4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - GSS enabled ONCRPC ii librpcsecgss3 0.19-2 allows secure rpc communication using the rpcsec_gss protocol ARCHIV ~ # dpkg -l | grep -i mit ii krb5-user 1.8.3+dfsg-4squeeze2 Basic programs to authenticate using MIT Kerberos ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libgssrpc4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - GSS enabled ONCRPC ii libk5crypto3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Crypto Library ii libkadm5clnt-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Administration Clients rc libkadm5srv-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - KDC and Admin Server rc libkdb5-4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Kerberos database ii libkrb5-3 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries ii libkrb5support0 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Support library ARCHIV ~ # dpkg -l | grep -i nfs ii liblockfile1 1.08-4 NFS-safe locking library, includes dotlockfile program ii libnfsidmap2 0.23-2 An nfs idmapping library ii nfs-common 1:1.2.4-1~bpo60+1 NFS support files common to client and server ii nfs-kernel-server 1:1.2.4-1~bpo60+1 support for NFS kernel server Can cost from backporting upgrade krb5-user? -- Best Regards, Mc.Sim. http://www.k-max.name/ -- To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: op.v4y8r6zjeaxn5m@odmen.sag.local">http://lists.debian.org/op.v4y8r6zjeaxn5m@odmen.sag.local |
Bug#622146: nfs-kernel-server: error Encryption type not permitted
I upgraded krb5-user from the repository, backports, but the error remained the same:
ARCHIV ~ # dpkg -l | grep -i mit ii krb5-user 1.9.1+dfsg-3 Basic programs to authenticate using MIT Ke ii libgssapi-krb5-2 1.9.1+dfsg-3 MIT Kerberos runtime libraries - krb5 GSS-A ii libgssrpc4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - GSS enable ii libk5crypto3 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Crypto Lib ii libkadm5clnt-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Administra ii libkadm5clnt-mit8 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Administra rc libkadm5srv-mit7 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - KDC and Ad ii libkadm5srv-mit8 1.9.1+dfsg-3 MIT Kerberos runtime libraries - KDC and Ad rc libkdb5-4 1.8.3+dfsg-4squeeze2 MIT Kerberos runtime libraries - Kerberos d ii libkdb5-5 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Kerberos d ii libkrb5-3 1.9.1+dfsg-3 MIT Kerberos runtime libraries ii libkrb5support0 1.9.1+dfsg-3 MIT Kerberos runtime libraries - Support li ARCHIV ~ # echo startingmount >> /var/log/daemon.log ARCHIV ~ # mount -v -t nfs4 -o sec=krb5 archiv:/nfs /mnt mount.nfs4: timeout set for Thu Nov 17 11:22:49 2011 mount.nfs4: trying text-based options 'sec=krb5,addr=10.0.0.6,clientaddr=10.0.0.6' mount.nfs4: mount(2): Permission denied mount.nfs4: access denied by server while mounting archiv:/nfs ARCHIV ~ # grep -A500 startingmount /var/log/daemon.log startingmount Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd3618c data 0xbfd3620c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd3809c data 0xbfd3811c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6) Nov 17 11:20:49 archiv rpc.gssd[846]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' Nov 17 11:20:49 archiv rpc.gssd[846]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt6) Nov 17 11:20:49 archiv rpc.gssd[846]: process_krb5_upcall: service is '<null>' Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.SAG.local' is 'archiv.sag.local' Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.sag.local' is 'archiv.sag.local' Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'ARCHIV$@SAG.LOCAL' Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'root/archiv.sag.local@SAG.LOCAL' Nov 17 11:20:49 archiv rpc.gssd[846]: Success getting keytab entry for 'nfs/archiv.sag.local@SAG.LOCAL' Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655 Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655 Nov 17 11:20:49 archiv rpc.gssd[846]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds Nov 17 11:20:49 archiv rpc.gssd[846]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL Nov 17 11:20:49 archiv rpc.gssd[846]: creating context using fsuid 0 (save_uid 0) Nov 17 11:20:49 archiv rpc.gssd[846]: creating tcp client for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: DEBUG: port already set to 2049 Nov 17 11:20:49 archiv rpc.gssd[846]: creating context with server nfs@archiv.SAG.local Nov 17 11:20:49 archiv rpc.svcgssd[13849]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create krb5 context for user with uid 0 for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Machine cache is prematurely expired or corrupted trying to recreate cache for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.SAG.local' is 'archiv.sag.local' Nov 17 11:20:49 archiv rpc.gssd[846]: Full hostname for 'archiv.sag.local' is 'archiv.sag.local' Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'ARCHIV$@SAG.LOCAL' Nov 17 11:20:49 archiv rpc.gssd[846]: Key table entry not found while getting keytab entry for 'root/archiv.sag.local@SAG.LOCAL' Nov 17 11:20:49 archiv rpc.gssd[846]: Success getting keytab entry for 'nfs/archiv.sag.local@SAG.LOCAL' Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655 Nov 17 11:20:49 archiv rpc.gssd[846]: INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_SAG.LOCAL' are good until 1321546655 Nov 17 11:20:49 archiv rpc.gssd[846]: using FILE:/tmp/krb5cc_machine_SAG.LOCAL as credentials cache for machine creds Nov 17 11:20:49 archiv rpc.gssd[846]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_SAG.LOCAL Nov 17 11:20:49 archiv rpc.gssd[846]: creating context using fsuid 0 (save_uid 0) Nov 17 11:20:49 archiv rpc.gssd[846]: creating tcp client for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: DEBUG: port already set to 2049 Nov 17 11:20:49 archiv rpc.gssd[846]: creating context with server nfs@archiv.SAG.local Nov 17 11:20:49 archiv rpc.svcgssd[13849]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create krb5 context for user with uid 0 for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with credentials cache FILE:/tmp/krb5cc_machine_SAG.LOCAL for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: WARNING: Failed to create machine krb5 context with any credentials cache for server archiv.SAG.local Nov 17 11:20:49 archiv rpc.gssd[846]: doing error downcall Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: dir_notify_handler: sig 37 si 0xbfd397ec data 0xbfd3986c Nov 17 11:20:49 archiv rpc.gssd[846]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt7 Nov 17 11:20:49 archiv rpc.gssd[846]: destroying client /var/lib/nfs/rpc_pipefs/nfs/clnt6 ARCHIV ~ # May have someone else any advice? -- Best Regards, Mc.Sim. http://www.k-max.name/ -- To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: op.v42xfxy8eaxn5m@odmen.sag.local">http://lists.debian.org/op.v42xfxy8eaxn5m@odmen.sag.local |
| All times are GMT. The time now is 03:26 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.