On 02/26/2013 02:03 PM, Johan Petersson wrote:
> Hi,
>
> I have an IPA server, NFS4 Server sharing home directories with autofs
> and krb5p as only valid authentication.
> Mail Postfix/Dovecot both with startTLS and GSSAPI.
> All servers and clients are Red Hat 6.3 and updated with latest kernel
> and everything else.
>
> If I start and log in locally as user1 on an IPA Client machine
> everything works perfect including mail and home directory initially.
> I then start experiencing errors when trying to ssh other servers as ssh
> [email protected].
> Nothing happens, no password question, nothing until I have to ctrl-c
> (tried leaving it overnight - still same).
> Mail stops working, Thunderbird complains about expired credentials.
> If I use ssh as root to the server and then try either: su user1 or
> su - user1 both get same result as ssh user1.
> Sometimes a su has actually worked and I can browse to my
> mounted home directory but get permission denied when trying to access.
> id works and permissions on home directory show OK but can't access
> anyway.
>
> The only thing I have found helping is to logout user1 on the client,
> login root and then ssh as user1.
> In that case I get password question and it works with home directory.
> If I logout root then, login user1 then mail, ssh and su works again
> for some time.
>
> I guess the credential renewal works in that case.
>
> Firewalls turned off, tried setenforce=0 and autofs on debug log mode
> but find nothing.
>
> Even sshd logging on and verbose ssh shows nothing wrong.
> It is like everything works but an expired ticket or something similar
> generates the error, tickets are new though and should be valid.
>
> Only error messages I have been able to find are:
>
> IPA server /var/log/messages show:
> rpc.gssd[1116]: Error doing stat on file '/tmp/krb5cc_48'
>
> automount[1197]: sasl_log_func:98: GSSAPI Error: Unspecified GSS
> failure. Minor code may provide more information (Ticket expired)
>
> Anyone have an idea what this could be and how to solve it?
>
> I am really thankful for any help.
>
> Regards,
> Johan.
>

This looks very much as if when you ssh into the remote system the home
directory NFS mount fails.
Can you try to configure a local directory and see if the problem goes away?
If this helps then I would see what is going on with the NFS client on
the system.

Also I do not know how your SSH is configured. Does it actually delegate
the ticket?
AFAIU the system you SSH into needs to have a TGT to be able to mount an
NFS share on behalf of the user.

This is as far as I can go with what I know and what can be done without
actually looking at the logs on the system.

HTH

> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
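Added example, not part of the original thread: the delegation question in the reply can be checked on the host you ssh into with MIT Kerberos `klist -f`, where a TGT that arrived through ssh delegation carries the `f` (forwarded) flag and one that can be delegated carries `F` (forwardable). The script below parses that output and reports whether a TGT is present, expired, forwardable or forwarded; the sample output, principal names and the MM/DD/YY date format are assumptions.

```python
import re
from datetime import datetime

# Constructed `klist -f` output (principal, realm, cache path and times are made up).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: user1@EXAMPLE.COM

Valid starting     Expires            Service principal
02/26/13 08:00:00  02/26/13 12:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
\trenew until 03/05/13 08:00:00, Flags: FRIA
02/26/13 08:05:00  02/26/13 12:00:00  nfs/nfs.example.com@EXAMPLE.COM
\trenew until 03/05/13 08:00:00, Flags: FRAT
"""

STAMP = r"(\d\d/\d\d/(?:\d\d){1,2} \d\d:\d\d:\d\d)"
TICKET = re.compile(r"^" + STAMP + r"\s+" + STAMP + r"\s+(\S+)$")
FLAGS = re.compile(r"Flags: (\w+)")

def _when(text):
    # Assumption: MM/DD/YY or MM/DD/YYYY; klist's date format varies by version and locale.
    year = "%Y" if len(text.split()[0]) == 10 else "%y"
    return datetime.strptime(text, "%m/%d/" + year + " %H:%M:%S")

def parse_klist(output):
    """Return one dict per ticket: service, expires, flags."""
    tickets = []
    for line in output.splitlines():
        ticket, flags = TICKET.match(line.strip()), FLAGS.search(line)
        if ticket:
            tickets.append({"service": ticket.group(3),
                            "expires": _when(ticket.group(2)), "flags": ""})
        elif flags and tickets:
            # The flags line belongs to the ticket line printed just above it.
            tickets[-1]["flags"] = flags.group(1)
    return tickets

def tgt_status(output, now):
    """Summarise the TGT: present, expired, forwardable (F), forwarded by ssh (f)."""
    tgt = next((t for t in parse_klist(output)
                if t["service"].startswith("krbtgt/")), None)
    if tgt is None:
        return {"present": False, "expired": None, "forwardable": False, "forwarded": False}
    return {"present": True, "expired": tgt["expires"] <= now,
            "forwardable": "F" in tgt["flags"], "forwarded": "f" in tgt["flags"]}

if __name__ == "__main__":
    print(tgt_status(SAMPLE_KLIST, datetime.now()))
```

A cache with no `krbtgt/` entry on the remote host means no TGT was delegated or obtained at login there, which matches the case where the NFS krb5p home mount cannot be done on the user's behalf.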
