Enabled verbose output for rpc.idmapd as well, and now I see:

nfsidmap[5034]: nss_getpwnam: name 'test1_l@localdomain' does not map into domain 'hq.spinque.com'

On 12 August 2015 at 12:28, Roberto Cornacchia <[email protected]> wrote:

> I have used
>
> RPCGSSDARGS="-vvv"
> RPCSVCGSSDARGS="-vvv"
>
> in /etc/sysconfig/nfs, as suggested in
> http://docs.fedoraproject.org/en-US/Fedora/18/html/FreeIPA_Guide/Installing_the_IPA_Client_on_Linux.html
>
> In the excerpt below, taken during the mount, meson is the client, spinque03 is the nfs server (synology).
>
> It still doesn't tell me much, perhaps I'm missing something?
>
> rpc.gssd[838]: handling gssd upcall (nfs/clnt19)
> rpc.gssd[838]: handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 '
> rpc.gssd[3328]: handling krb5 upcall (nfs/clnt19)
> rpc.gssd[3328]: process_krb5_upcall: service is '<null>'
> rpc.gssd[3328]: Full hostname for 'spinque03.hq.spinque.com' is 'spinque03.hq.spinque.com'
> rpc.gssd[3328]: Full hostname for 'meson.hq.spinque.com' is 'meson.hq.spinque.com'
> rpc.gssd[3328]: No key table entry found for [email protected] while getting keytab entry for '[email protected]'
> rpc.gssd[3328]: No key table entry found for root/[email protected] while getting keytab entry for 'root/[email protected]'
> rpc.gssd[3328]: No key table entry found for nfs/[email protected] while getting keytab entry for 'nfs/[email protected]'
> rpc.gssd[3328]: Success getting keytab entry for 'host/[email protected]'
> rpc.gssd[3328]: Successfully obtained machine credentials for principal 'host/[email protected]' stored in ccache 'FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM'
> rpc.gssd[3328]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM' are good until 1439461246
> rpc.gssd[3328]: using FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM as credentials cache for machine creds
> rpc.gssd[3328]: using environment variable to select krb5 ccache FILE:/tmp/krb5ccmachine_HQ.SPINQUE.COM
> gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
> gssproxy[798]: gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
> rpc.gssd[3328]: creating tcp client for server spinque03.hq.spinque.com
> rpc.gssd[3328]: DEBUG: port already set to 2049
> rpc.gssd[3328]: creating context with server [email protected]
> rpc.gssd[3328]: DEBUG: serialize_krb5_ctx: lucid version!
> rpc.gssd[3328]: prepare_krb5_rfc4121_buffer: protocol 1
> rpc.gssd[3328]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
> rpc.gssd[3328]: doing downcall: lifetime_rec=86399 acceptor=[email protected]
> rpc.gssd[838]: handling gssd upcall (nfs/clnt19)
> rpc.gssd[838]: handle_gssd_upcall: 'mech=krb5 uid=1005 enctypes=18,17,16,23,3,1,2 '
> rpc.gssd[3337]: handling krb5 upcall (nfs/clnt19)
> rpc.gssd[3337]: process_krb5_upcall: service is '<null>'
> gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
> gssproxy[798]: gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
> rpc.gssd[3337]: creating tcp client for server spinque03.hq.spinque.com
> rpc.gssd[3337]: DEBUG: port already set to 2049
> rpc.gssd[3337]: creating context with server [email protected]
> rpc.gssd[3337]: DEBUG: serialize_krb5_ctx: lucid version!
> rpc.gssd[3337]: prepare_krb5_rfc4121_buffer: protocol 1
> rpc.gssd[3337]: prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
> rpc.gssd[3337]: doing downcall: lifetime_rec=85675 acceptor=[email protected]
>
> On 12 August 2015 at 02:46, Roberto Cornacchia <[email protected]> wrote:
>
>> Hi,
>>
>> I am trying to use a Synology NAS station in my FreeIPA domain to host automounted home directories (not created automatically for now).
>>
>> I got almost everything working, but I seem to have a problem with kerberized nfs.
>>
>> The NAS logs in the LDAP domain and seems happy with the kerberos principal that I uploaded.
>>
>> * If I use plain nfs4 without krb5
>>
>> - /etc/exports -
>> /volume1/shared_homes 192.168.0.0/24(rw,async,no_wdelay,all_squash,insecure_locks,sec=sys,anonuid=1025,anongid=100)
>>
>> then I can mount it and use it (it even works with automount). But only using all_squash. Not useful:
>>
>> * If I use krb5
>>
>> - /etc/exports -
>> /volume1/shared_homes 192.168.0.0/24(rw,async,no_wdelay,no_root_squash,insecure_locks,sec=krb5,anonuid=1025,anongid=100)
>>
>> then I can kinit with an LDAP user, mount it with sec=krb5, but I get "nobody" as file owner.
>>
>> This is done from a FC22 client, perfectly enrolled in freeIPA.
>>
>> The client's log contains several of such errors:
>>
>> gssproxy[807]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
>>
>> Any tip to help me understand what the problem is?
>> Roberto

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
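
Added example, not part of the original thread: a small Python triage script for the two log formats quoted above, separating the Kerberos layer (rpc.gssd keytab and downcall lines) from the NFSv4 ID-mapping layer (the nfsidmap line). The example.test hosts and principals, the second user name, and the function names are constructed placeholders.

```python
import re

# Constructed sample in the log format quoted in the thread. Hosts and
# principals under example.test are placeholders, not values from the thread.
SAMPLE_LOG = """\
rpc.gssd[3328]: No key table entry found for nfs/client.example.test@EXAMPLE.TEST while getting keytab entry for 'nfs/client.example.test@EXAMPLE.TEST'
rpc.gssd[3328]: Success getting keytab entry for 'host/client.example.test@EXAMPLE.TEST'
rpc.gssd[3328]: doing downcall: lifetime_rec=86399 acceptor=nfs@server.example.test
gssproxy[809]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
nfsidmap[5034]: nss_getpwnam: name 'test1_l@localdomain' does not map into domain 'hq.spinque.com'
nfsidmap[5035]: nss_getpwnam: name 'test2_l@localdomain' does not map into domain 'hq.spinque.com'
"""

KEYTAB_OK = re.compile(r"rpc\.gssd\[\d+\]: Success getting keytab entry for '([^']+)'")
DOWNCALL = re.compile(r"rpc\.gssd\[\d+\]: doing downcall: lifetime_rec=(\d+)")
IDMAP = re.compile(r"nfsidmap\[\d+\]: nss_getpwnam: name '([^'@]+)@([^']*)' "
                   r"does not map into domain '([^']+)'")

def diagnose(log_text):
    """Split a client log into the Kerberos layer and the ID-mapping layer."""
    out = {"machine_principals": [], "gss_contexts": 0, "mismatches": {}}
    for line in log_text.splitlines():
        if m := KEYTAB_OK.search(line):
            out["machine_principals"].append(m.group(1))
        elif (m := DOWNCALL.search(line)) and int(m.group(1)) > 0:
            # Assumption: a downcall with a positive lifetime is a context
            # that was established, i.e. Kerberos authentication worked.
            out["gss_contexts"] += 1
        elif m := IDMAP.search(line):
            # The owner string sent over NFSv4 is user@domain; record which
            # domain arrived versus the domain the local idmapper expects.
            user, sent_domain, local_domain = m.groups()
            out["mismatches"].setdefault((sent_domain, local_domain), set()).add(user)
    return out

def summary(out):
    """Return one human-readable line per finding."""
    lines = [f"GSS contexts established: {out['gss_contexts']}"]
    for (sent, local), users in sorted(out["mismatches"].items()):
        lines.append(f"owner names arrive as @{sent} but local idmap domain is "
                     f"{local}: {', '.join(sorted(users))}")
    return lines

if __name__ == "__main__":
    print("\n".join(summary(diagnose(SAMPLE_LOG))))
```

A result with established GSS contexts and a non-empty mismatch set points at the NFSv4 idmap domain (the `Domain` setting in `/etc/idmapd.conf` on a Linux host) rather than at Kerberos.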
