On Thu, 2010-05-27 at 14:30 -0400, Simo Sorce wrote:
> Oh right,
> then I guess you need to look into syslog to see if you can find any
> other hint.
>
> does the gssd daemon log anything ?

It can be made to talk, like this:

rpc.gssd -f -vvvvvv -rrrrrr

Messages at startup:

Warning: rpcsec_gss library does not support setting debug level
beginning poll

At mount time:

handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
handle_gssd_upcall: 'mech=krb5 uid=0 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
process_krb5_upcall: service is '<null>'
Full hostname for 'server.xxx.com' is 'server.xxx.com'
Full hostname for 'client.xxx.com' is 'client.xxx.com'
Key table entry not found while getting keytab entry for 'root/[email protected]'
Success getting keytab entry for 'nfs/[email protected]'
Successfully obtained machine credentials for principal 'nfs/[email protected]' stored in ccache 'FILE:/tmp/krb5cc_machine_XXX.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_XXX.COM' are good until 1275168019
using FILE:/tmp/krb5cc_machine_XXX.COM as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_XXX.COM
creating context using fsuid 0 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server [email protected]
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt35)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591'([email protected]) passed all checks and has mtime of 1274978851
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
using FILE:/tmp/krb5cc_1591 as credentials cache for client with uid 1591 for server server.xxx.com
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_1591
creating context using fsuid 1591 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server [email protected]
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall

Now interestingly, the access works if rpc.gssd is started from the console!
When I start it using "service rpc.gssd restart", it fails again, now
with this in the log:

beginning poll
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=0 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
Full hostname for 'server.xxx.com' is 'server.xxx.com'
Full hostname for 'client.xxx.com' is 'client.xxx.com'
Key table entry not found while getting keytab entry for 'root/[email protected]'
Success getting keytab entry for 'nfs/[email protected]'
Successfully obtained machine credentials for principal 'nfs/[email protected]' stored in ccache 'FILE:/tmp/krb5cc_machine_XXX.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5cc_machine_XXX.COM' are good until 1275169699
using FILE:/tmp/krb5cc_machine_XXX.COM as credentials cache for machine creds
using environment variable to select krb5 ccache FILE:/tmp/krb5cc_machine_XXX.COM
creating context using fsuid 0 (save_uid 0)
creating tcp client for server server.xxx.com
DEBUG: port already set to 2049
creating context with server [email protected]
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc1964_buffer: serializing keys with enctype 4 and length 8
doing downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall
handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
handle_gssd_upcall: 'mech=krb5 uid=1591 '
handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfs/clnt47)
process_krb5_upcall: service is '<null>'
getting credentials for client with uid 1591 for server server.xxx.com
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_10000_lxXOef' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_lxXOef' owned by 10000, not 1591
CC file '/tmp/krb5cc_machine_XXX.COM' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
CC file '/tmp/krb5cc_10000_CG6m2Y' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_10000_CG6m2Y' owned by 10000, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall

For some reason I have no clue about, it does not like my credentials
cache (/tmp/krb5cc_1591) when not run from the console.

Thanks,
Tom

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
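
Added example, not part of the original message and not code from nfs-utils: a small Python parser for the verbose rpc.gssd output quoted above. It records, per upcall, which credential cache files were accepted or rejected and why, and flags a cache that got different verdicts across runs. The function names and the abridged sample are constructed for illustration; the message strings matched are the ones shown in the log.

```python
import re

UPCALL = re.compile(r"handle_gssd_upcall: 'mech=krb5 uid=(\d+)")
VERDICT = re.compile(r"CC file '([^']+)'(?:\([^)]*\))? "
                     r"(passed all checks|is expired or corrupt|owned by \d+, not \d+)")

# Constructed sample: lines abridged from the two uid=1591 upcalls quoted above
# (first run started from the console, second via "service rpc.gssd restart").
SAMPLE = """\
handle_gssd_upcall: 'mech=krb5 uid=1591 '
CC file '/tmp/krb5cc_1591' being considered, with preferred realm 'XXX.COM'
CC file '/tmp/krb5cc_1591'([email protected]) passed all checks and has mtime of 1274978851
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
doing downcall
handle_gssd_upcall: 'mech=krb5 uid=1591 '
CC file '/tmp/krb5cc_1591' is expired or corrupt
CC file '/tmp/krb5cc_machine_XXX.COM' owned by 0, not 1591
WARNING: Failed to create krb5 context for user with uid 1591 for server server.xxx.com
doing error downcall
"""

def summarize(log_text):
    """One record per upcall: uid, verdict per ccache file, downcall result."""
    upcalls, cur = [], None
    for line in map(str.strip, log_text.splitlines()):
        m = UPCALL.search(line)
        if m:
            cur = {"uid": int(m.group(1)), "verdicts": {}, "result": None}
            upcalls.append(cur)
        elif cur is not None:
            v = VERDICT.search(line)
            if v:
                cur["verdicts"][v.group(1)] = v.group(2)
            elif line in ("doing downcall", "doing error downcall"):
                cur["result"] = "error" if "error" in line else "ok"
    return upcalls

def inconsistent_caches(upcalls):
    """Caches that passed in one upcall but were 'expired or corrupt' in another."""
    seen = {}
    for u in upcalls:
        for path, verdict in u["verdicts"].items():
            seen.setdefault(path, set()).add(verdict)
    return sorted(p for p, v in seen.items()
                  if {"passed all checks", "is expired or corrupt"} <= v)

if __name__ == "__main__":
    for u in summarize(SAMPLE):
        print(u["uid"], u["result"], u["verdicts"])
    print("same file, different verdicts:", inconsistent_caches(summarize(SAMPLE)))
```

A path returned by inconsistent_caches is a cache the daemon accepted in one run and rejected in another, which is the situation the message describes for /tmp/krb5cc_1591.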
