A typo from me, it is 192.168.1/24 in exports.

Regards
Johan
______________________________________
From: Rob Townley [[email protected]]
Sent: Wednesday, February 27, 2013 18:12
To: Johan Petersson
Cc: [email protected]; [email protected]
Subject: Re: [Freeipa-users] IPA,NFS4,krb5p Ticket expired error

/etc/exports does not look right. Try 192.168.1.0/24 or change to asterisk *

On Wednesday, February 27, 2013, Johan Petersson <[email protected]> wrote:
> I think you are right, ssh always works to the nfs server and I believe that is because the home directory is situated there.
>
> All ssh/sshd configuration are default from IPA Client install.
> Only things changed are the necessary autofs configuration and that is straight from the manual.
>
> I use strict NFS4 with port 2049 only open. (tried all firewalls and selinux disabled, no difference)
> Home directory is exported as:
> /nethomes 192.168.1.0(rw,sync,sec=krb5p)
>
> IPA autofs map
> default/auto_nethome * -fstype=nfs4 -sec=krb5p,rw,soft, share.test.net:/nethomes/&
>
> -fstype=nfs4 I had to use to get autofs working, through firewall and only port 2049 open it got crazy otherwise rambling about nfs2 and 3
> -sec=krb5p I had to put in autofs map since otherwise autofs ignored settings in exports and tried empty -o when mounting and thus failed because no kerberos auth.
>
> I have updated everything to RHEL 6.4 now but no change.
>
> Thunderbird complains that my ticket was not accepted.
>
> NFS server shows this in logs:
> rpc.gssd[2060]: ERROR: failed to read service info
> rpc.gssd[2060]: WARNING: can't create tcp rpc_clnt to server laptop1.test.net for user with uid 0: RPC: Remote system error - No route to host
>
> Network is fine and all firewalls down.
> Do you want any other logs beside debug autofs?
>
> Thanks for the help.
>
> Regards,
> Johan.
>
> ________________________________
> From: [email protected] [[email protected]] on behalf of Dmitri Pal [[email protected]]
> Sent: Tuesday, February 26, 2013 20:30
> To: [email protected]
> Subject: Re: [Freeipa-users] IPA,NFS4,krb5p Ticket expired error
>
> On 02/26/2013 02:03 PM, Johan Petersson wrote:
>
> Hi,
> I have an IPA server, NFS4 Server sharing home directories with autofs and krb5p as only valid authentication.
> Mail Postfix/Dovecot both with startTLS and GSSAPI.
> All servers and clients are Red Hat 6.3 and updated with latest kernel and everything else.
> If I start and log in locally as user1 on an IPA Client machine everything works perfect including mail and home directory initially.
> I then start experiencing errors when trying to ssh other servers as ssh [email protected].
> Nothing happens, no password question, nothing until I have to ctrl-c (tried leaving it overnight - still same).
> Mail stops working, Thunderbird complains about expired credentials.
> If I use ssh as root to the server and then try either: su user1 or su - user1 both get same result as ssh user1.
> Sometimes a su has actually worked and I can browse to my mounted home directory but get permission denied when trying to access.
> id works and permissions on home directory shows ok but can't access anyway.
> The only thing I have found helping is to logout user1 on the client, login root and then ssh as user1.
> In that case I get password question and it works with home directory.
> If I logout root then, login user1 then mail, ssh and su works again for some time.
> I guess the credential renewal works in that case.
> Firewalls turned off, tried setenforce=0 and autofs on debug log mode but find nothing.
> Even sshd logging on and verbose ssh shows nothing wrong.
> It is like everything works but an expired ticket or something similar generates the error, tickets are new though and should be valid.
> Only error messages I have been able to find is:
> IPA server /var/log/messages show:
> rpc.gssd[1116]: Error doing stat on file '/tmp/krb5cc_48'
> automount[1197]: sasl_log_func:98: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Ticket expired)
> Anyone have an idea what this could be and how to solve it?
> I am really thankful for any help.
> Regards,
> Johan.
>
> This looks very much as if when you ssh into the remote system the home directory NFS mount fails.
> Can you try to configure a local directory and see if the problem goes away?
> If this helps then I would see what is going on with the NFS client on the system.
>
> Also I do not know how your SSH is configured. Does it actually delegate the ticket?
> AFAIU the system you SSH into needs to have a TGT to be able to mount an NFS share on behalf of the user.
> This is as far as I can go with what I know and what can be done without actually looking at the logs on the system.
>
> HTH
>
> _______________________________________________
> Freeipa-users mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
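
An added example, not part of the thread or of FreeIPA: a small Python lint for `/etc/exports` that flags the two things the exchange above turns on, a client field given as a network address with no prefix length, and entries whose `sec=` list is not exactly `krb5p` (an entry with no `sec=` falls back to `sys`). The function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample; the first entry is the export line quoted in the thread.
SAMPLE_EXPORTS = """\
/nethomes 192.168.1.0(rw,sync,sec=krb5p)
/nethomes2 192.168.1.0/24(rw,sync,sec=krb5p)
/scratch *(rw,sync)
"""

ENTRY = re.compile(r"(?P<client>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")

def classify_client(client):
    """Lint heuristic only; recognises full dotted-quad CIDR, not every exportfs form."""
    if client in ("", "*"):
        return "any-host"
    if "/" in client:
        try:
            ipaddress.ip_network(client, strict=False)
            return "network"
        except ValueError:
            return "unrecognized-network"
    try:
        ipaddress.ip_address(client)
        return "single-host"
    except ValueError:
        return "hostname-or-pattern"

def audit_exports(text, required_sec="krb5p"):
    """Return (line number, path, client, message) for each suspicious entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY.fullmatch(entry)
            if m is None:
                findings.append((lineno, path, entry, "unparsable entry"))
                continue
            client, opts = m.group("client"), (m.group("opts") or "").split(",")
            if classify_client(client) == "single-host" and client.endswith(".0"):
                findings.append((lineno, path, client, "network address without a prefix length"))
            sec = [o[4:] for o in opts if o.startswith("sec=")]
            flavors = sec[-1].split(":") if sec else ["sys"]  # sys is the default
            if flavors != [required_sec]:
                findings.append((lineno, path, client, "sec=%s, expected only %s" % (":".join(flavors), required_sec)))
    return findings
```

Calling `audit_exports(open("/etc/exports").read())` on an NFS server returns an empty list when every entry is restricted to `krb5p` and no bare network address is used as a client.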
