Hello all,

I have several virtual machines (on VirtualBox) running freeipa-client and freeipa-server in a trust domain relationship with an Active Directory (AD), also on a virtual machine.
Here are the details of the machines:

### Freeipa-server:

- CentOS 7.2
- ipa-server-install 4.2.0

### client1:

- CentOS 7.2
- ipa-client-install 4.2.0

### Nfs-server:

- CentOS 7.2
- ipa-client-install 4.2.0

### Client2:

- Ubuntu 14.04 (trusty)
- ipa-client-install 3.3.4 (also tried the unofficial 4.0.x backport: https://launchpad.net/~freeipa/+archive/ubuntu/4.0)

Everything works fine except for the Ubuntu client and the NFS mount:

- I can mount the share using the "-o sec=krb5" option, but the owner of the folders is nobody. It seems to be just a display error because the permissions on the files are good: user1 cannot write to the folder of user2 and vice versa.

If I mount without kinit I get this (syslog, Ubuntu client):

Feb 10 17:09:38 client2 rpc.idmapd[417]: New client: 0
Feb 10 17:09:38 client2 kernel: [ 2709.796390] NFS: Registering the id_resolver key type
Feb 10 17:09:38 client2 kernel: [ 2709.796399] Key type id_resolver registered
Feb 10 17:09:38 client2 kernel: [ 2709.796399] Key type id_legacy registered
Feb 10 17:09:38 client2 rpc.idmapd[417]: Opened /run/rpc_pipefs/nfs/clnt0/idmap
Feb 10 17:09:38 client2 rpc.idmapd[417]: New client: 1
Feb 10 17:09:38 client2 nfsidmap[2714]: key: 0x261c251d type: uid value: [email protected] timeout 600
Feb 10 17:09:38 client2 nfsidmap[2714]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Feb 10 17:09:38 client2 nfsidmap[2714]: nss_getpwnam: name '[email protected]' domain 'ipa.local': resulting localname 'root'
Feb 10 17:09:38 client2 nfsidmap[2714]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
Feb 10 17:09:38 client2 nfsidmap[2714]: nfs4_name_to_uid: final return value is 0
Feb 10 17:09:38 client2 nfsidmap[2716]: key: 0x314352bb type: gid value: [email protected] timeout 600
Feb 10 17:09:38 client2 nfsidmap[2716]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Feb 10 17:09:38 client2 nfsidmap[2716]: nfs4_name_to_gid: nsswitch->name_to_gid returned 0
Feb 10 17:09:38 client2 nfsidmap[2716]: nfs4_name_to_gid: final return value is 0
Feb 10 17:09:55 client2 nfsidmap[2722]: key: 0x29600d2b type: uid value: [email protected]@ipa.local timeout 600
Feb 10 17:09:55 client2 nfsidmap[2722]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Feb 10 17:09:55 client2 nfsidmap[2722]: nss_getpwnam: name '[email protected]@ipa.local' domain 'ipa.local': resulting localname '(null)'
Feb 10 17:09:55 client2 nfsidmap[2722]: nss_getpwnam: name '[email protected]@ipa.local' does not map into domain 'ipa.local'
Feb 10 17:09:55 client2 nfsidmap[2722]: nfs4_name_to_uid: nsswitch->name_to_uid returned -22
Feb 10 17:09:55 client2 nfsidmap[2722]: nfs4_name_to_uid: final return value is -22
Feb 10 17:09:55 client2 nfsidmap[2722]: nfs4_name_to_uid: calling nsswitch->name_to_uid
Feb 10 17:09:55 client2 nfsidmap[2722]: nss_getpwnam: name '[email protected]' domain 'ipa.local': resulting localname 'nobody'
Feb 10 17:09:55 client2 nfsidmap[2722]: nfs4_name_to_uid: nsswitch->name_to_uid returned 0
Feb 10 17:09:55 client2 nfsidmap[2722]: nfs4_name_to_uid: final return value is 0
Feb 10 17:09:55 client2 nfsidmap[2724]: key: 0x398852c2 type: gid value: [email protected]@ipa.local timeout 600
Feb 10 17:09:55 client2 nfsidmap[2724]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Feb 10 17:09:55 client2 nfsidmap[2724]: nfs4_name_to_gid: nsswitch->name_to_gid returned -22
Feb 10 17:09:55 client2 nfsidmap[2724]: nfs4_name_to_gid: final return value is -22
Feb 10 17:09:55 client2 nfsidmap[2724]: nfs4_name_to_gid: calling nsswitch->name_to_gid
Feb 10 17:09:56 client2 nfsidmap[2724]: nfs4_name_to_gid: nsswitch->name_to_gid returned -2
Feb 10 17:09:56 client2 nfsidmap[2724]: nfs4_name_to_gid: final return value is -2

But if I mount with, let's say, kinit admin, there are no logs in the syslog file of the Ubuntu client.

Another thing is, when mounting on both clients (Ubuntu and CentOS), the NFS server outputs: "nfsserver gssproxy: gssproxy[659]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found". But it works for the CentOS client but not for the Ubuntu client.

### NFS server logs for client 2 (Ubuntu):

Feb 10 17:30:01 nfsserver systemd: Created slice user-0.slice.
Feb 10 17:30:01 nfsserver systemd: Starting user-0.slice.
Feb 10 17:30:01 nfsserver systemd: Started Session 14 of user root.
Feb 10 17:30:01 nfsserver systemd: Starting Session 14 of user root.
Feb 10 17:30:01 nfsserver systemd: Removed slice user-0.slice.
Feb 10 17:30:01 nfsserver systemd: Stopping user-0.slice.
Feb 10 17:30:21 nfsserver rpc.gssd[756]: Closing 'gssd' pipe for /var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt5
Feb 10 17:30:21 nfsserver rpc.gssd[756]: destroying client /var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt5
Feb 10 17:30:21 nfsserver rpc.gssd[756]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt6)
Feb 10 17:30:21 nfsserver rpc.gssd[756]: handle_gssd_upcall: 'mech=krb5 uid=0 [email protected] service=nfs enctypes=18,17,16,23,3,1,2 '
Feb 10 17:30:21 nfsserver rpc.gssd[756]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt6)
Feb 10 17:30:21 nfsserver rpc.gssd[756]: process_krb5_upcall: service is 'nfs'
Feb 10 17:30:21 nfsserver rpc.gssd[756]: krb5_use_machine_creds: uid 0 tgtname [email protected]
Feb 10 17:30:21 nfsserver rpc.gssd[756]: Full hostname for 'client2.ipa.local' is 'client2.ipa.local'
Feb 10 17:30:21 nfsserver rpc.gssd[756]: Full hostname for 'nfsserver.ipa.local' is 'nfsserver.ipa.local'
Feb 10 17:30:21 nfsserver rpc.gssd[756]: Success getting keytab entry for 'nfs/[email protected]'
Feb 10 17:30:21 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:30:21 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:30:21 nfsserver rpc.gssd[756]: using FILE:/tmp/krb5ccmachine_IPA.LOCAL as credentials cache for machine creds
Feb 10 17:30:21 nfsserver rpc.gssd[756]: using environment variable to select krb5 ccache FILE:/tmp/krb5ccmachine_IPA.LOCAL
Feb 10 17:30:21 nfsserver gssproxy: gssproxy[659]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 10 17:30:21 nfsserver rpc.gssd[756]: creating tcp client for server client2.ipa.local
Feb 10 17:30:21 nfsserver rpc.gssd[756]: DEBUG: port already set to 50270
Feb 10 17:30:21 nfsserver rpc.gssd[756]: creating context with server [email protected]
Feb 10 17:30:21 nfsserver rpc.gssd[756]: WARNING: Failed to create krb5 context for user with uid 0 for server [email protected]
Feb 10 17:30:21 nfsserver rpc.gssd[756]: WARNING: Failed to create machine krb5context with cred cache FILE:/tmp/krb5ccmachine_IPA.LOCAL for server client2.ipa.local
Feb 10 17:30:21 nfsserver rpc.gssd[756]: WARNING: Machine cache prematurelyexpired or corrupted trying torecreate cache for server client2.ipa.local
Feb 10 17:30:21 nfsserver rpc.gssd[756]: Full hostname for 'client2.ipa.local' is 'client2.ipa.local'
Feb 10 17:30:21 nfsserver rpc.gssd[756]: Full hostname for 'nfsserver.ipa.local' is 'nfsserver.ipa.local'
Feb 10 17:30:21 nfsserver rpc.gssd[756]: Success getting keytab entry for 'nfs/[email protected]'
Feb 10 17:30:21 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:30:21 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:30:21 nfsserver rpc.gssd[756]: using FILE:/tmp/krb5ccmachine_IPA.LOCAL as credentials cache for machine creds
Feb 10 17:30:21 nfsserver rpc.gssd[756]: using environment variable to select krb5 ccache FILE:/tmp/krb5ccmachine_IPA.LOCAL
Feb 10 17:30:21 nfsserver rpc.gssd[756]: creating tcp client for server client2.ipa.local
Feb 10 17:30:21 nfsserver rpc.gssd[756]: DEBUG: port already set to 50270
Feb 10 17:30:21 nfsserver rpc.gssd[756]: creating context with server [email protected]
Feb 10 17:30:21 nfsserver rpc.gssd[756]: WARNING: Failed to create krb5 context for user with uid 0 for server [email protected]
Feb 10 17:30:21 nfsserver rpc.gssd[756]: WARNING: Failed to create machine krb5context with cred cache FILE:/tmp/krb5ccmachine_IPA.LOCAL for server client2.ipa.local
Feb 10 17:30:21 nfsserver gssproxy: gssproxy[659]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 10 17:30:21 nfsserver rpc.gssd[756]: WARNING: Failed to create machinekrb5 context with any credentialscache for server client2.ipa.local
Feb 10 17:30:21 nfsserver rpc.gssd[756]: doing error downcall

### NFS server logs for client 1 (CentOS 7):

Feb 10 17:34:00 nfsserver rpc.gssd[756]: Closing 'gssd' pipe for /var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt0
Feb 10 17:34:00 nfsserver rpc.gssd[756]: destroying client /var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt0
Feb 10 17:34:00 nfsserver rpc.gssd[756]: handling gssd upcall (/var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt8)
Feb 10 17:34:00 nfsserver rpc.gssd[756]: handle_gssd_upcall: 'mech=krb5 uid=0 [email protected] service=nfs enctypes=18,17,16,23,3,1,2 '
Feb 10 17:34:00 nfsserver rpc.gssd[756]: handling krb5 upcall (/var/lib/nfs/rpc_pipefs/nfsd4_cb/clnt8)
Feb 10 17:34:00 nfsserver rpc.gssd[756]: process_krb5_upcall: service is 'nfs'
Feb 10 17:34:00 nfsserver rpc.gssd[756]: krb5_use_machine_creds: uid 0 tgtname [email protected]
Feb 10 17:34:00 nfsserver rpc.gssd[756]: Full hostname for 'client1.ipa.local' is 'client1.ipa.local'
Feb 10 17:34:00 nfsserver rpc.gssd[756]: Full hostname for 'nfsserver.ipa.local' is 'nfsserver.ipa.local'
Feb 10 17:34:00 nfsserver rpc.gssd[756]: Success getting keytab entry for 'nfs/[email protected]'
Feb 10 17:34:00 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:34:00 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:34:00 nfsserver rpc.gssd[756]: using FILE:/tmp/krb5ccmachine_IPA.LOCAL as credentials cache for machine creds
Feb 10 17:34:00 nfsserver rpc.gssd[756]: using environment variable to select krb5 ccache FILE:/tmp/krb5ccmachine_IPA.LOCAL
Feb 10 17:34:00 nfsserver rpc.gssd[756]: creating tcp client for server client1.ipa.local
Feb 10 17:34:00 nfsserver rpc.gssd[756]: DEBUG: port already set to 42165
Feb 10 17:34:00 nfsserver rpc.gssd[756]: WARNING: can't create tcp rpc_clnt to server client1.ipa.local for user with uid 0: RPC: Remote system error - No route to host
Feb 10 17:34:00 nfsserver rpc.gssd[756]: WARNING: Failed to create machine krb5context with cred cache FILE:/tmp/krb5ccmachine_IPA.LOCAL for server client1.ipa.local
Feb 10 17:34:00 nfsserver rpc.gssd[756]: WARNING: Machine cache prematurelyexpired or corrupted trying torecreate cache for server client1.ipa.local
Feb 10 17:34:00 nfsserver gssproxy: gssproxy[659]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 10 17:34:00 nfsserver rpc.gssd[756]: Full hostname for 'client1.ipa.local' is 'client1.ipa.local'
Feb 10 17:34:00 nfsserver rpc.gssd[756]: Full hostname for 'nfsserver.ipa.local' is 'nfsserver.ipa.local'
Feb 10 17:34:00 nfsserver rpc.gssd[756]: Success getting keytab entry for 'nfs/[email protected]'
Feb 10 17:34:00 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:34:00 nfsserver rpc.gssd[756]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_IPA.LOCAL' are good until 1455202622
Feb 10 17:34:00 nfsserver rpc.gssd[756]: using FILE:/tmp/krb5ccmachine_IPA.LOCAL as credentials cache for machine creds
Feb 10 17:34:00 nfsserver rpc.gssd[756]: using environment variable to select krb5 ccache FILE:/tmp/krb5ccmachine_IPA.LOCAL
Feb 10 17:34:00 nfsserver rpc.gssd[756]: creating tcp client for server client1.ipa.local
Feb 10 17:34:00 nfsserver rpc.gssd[756]: DEBUG: port already set to 42165
Feb 10 17:34:00 nfsserver gssproxy: gssproxy[659]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure. Minor code may provide more information, No credentials cache found
Feb 10 17:34:00 nfsserver rpc.gssd[756]: WARNING: can't create tcp rpc_clnt to server client1.ipa.local for user with uid 0: RPC: Remote system error - No route to host
Feb 10 17:34:00 nfsserver rpc.gssd[756]: WARNING: Failed to create machine krb5context with cred cache FILE:/tmp/krb5ccmachine_IPA.LOCAL for server client1.ipa.local
Feb 10 17:34:00 nfsserver rpc.gssd[756]: WARNING: Failed to create machinekrb5 context with any credentialscache for server client1.ipa.local
Feb 10 17:34:00 nfsserver rpc.gssd[756]: doing error downcall

So my question is: how can I deal with this display problem?
--
Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
