** Description changed:

  Hi there!
  
  I've configured a Natty client/server pair to authenticate over Kerberos
  and LDAP and to mount user home directories via NFSv4 with sec=krb5. I
  am using a slight variation on the configuration described here:
  http://www.danbishop.org/2011/05/01/ubuntu-11-04-sbs-small-business-
  server-setup-part-3-openldap/
  
  Under this setup, user sessions that are left unattended for a long
  period of time -- eg, when someone goes home for the night but stays
  logged in -- always result in a wedged machine. What do I mean by
  "wedged?" When the user returns to their session (the next morning), the
  screen is sorta grayed out. Keystrokes and mouse movement fail to elicit
  a reaction from the OS. I can switch to an ANSI terminal (Ctrl+Alt+F1),
  but cannot log in as the offending user there; the prompt will accept a
- username and password by never return. I CAN login using my localadmin,
+ username and password but never return. I CAN login using my localadmin,
  presumably because it uses UNIX authentication rather than
  LDAP/Kerberos. I have heretofore been unable to recover the machine as
  the localadmin, though. If localadmin attempts to sudo reboot the
  machine, the reboot process starts but never finishes.
  
  Some odd things in the server syslog:
  
  Jun  6 07:40:15 server krb5kdc[822]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 
192.168.0.59: NEEDED_PREAUTH: nfs/carina.co57....@co57.lan for 
krbtgt/co57....@co57.lan, Additional pre-authentication required
  Jun  6 07:40:15 server krb5kdc[822]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 
192.168.0.59: ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=18}, 
nfs/carina.co57....@co57.lan for krbtgt/co57....@co57.lan
  Jun  6 07:40:15 server krb5kdc[822]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 
192.168.0.59: ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=18}, 
nfs/carina.co57....@co57.lan for nfs/server.co57....@co57.lan
  Jun  6 07:40:15 server krb5kdc[822]: TGS_REQ (3 etypes {1 3 2}) 192.168.0.59: 
ISSUE: authtime 1307360415, etypes {rep=18 tkt=18 ses=1}, 
nfs/carina.co57....@co57.lan for nfs/server.co57....@co57.lan
  Jun  6 07:40:15 server nslcd[950]: [92ef4c] 
nslcd_passwd_byname(nfs/carina.co57.lan): invalid user name
  Jun  6 07:46:49 server slapd[836]: <= bdb_equality_candidates: (uid) not 
indexed
  Jun  6 07:46:49 server slapd[836]: <= bdb_equality_candidates: (cn) not 
indexed
  Jun  6 07:48:51 server slapd[836]: <= bdb_equality_candidates: (uidNumber) 
not indexed
  Jun  6 07:49:20 server slapd[836]: <= bdb_equality_candidates: (uid) not 
indexed
  Jun  6 07:57:07 server slapd[836]: <= bdb_equality_candidates: (uid) not 
indexed
  Jun  6 07:57:07 server slapd[836]: <= bdb_equality_candidates: (cn) not 
indexed
  Jun  6 07:59:35 server slapd[836]: <= bdb_equality_candidates: (uid) not 
indexed
  Jun  6 08:00:00 server slapd[836]: <= bdb_equality_candidates: (cn) not 
indexed
  Jun  6 08:00:01 server slapd[836]: last message repeated 3 times
  
  And from all over the client syslog:
  
  Jun  6 10:53:28 carina kernel: [47636.670075] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:53:33 carina kernel: [47641.666533] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:53:38 carina kernel: [47646.662437] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:53:43 carina kernel: [47651.658844] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:53:48 carina kernel: [47656.655152] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:53:53 carina kernel: [47661.651498] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:53:58 carina kernel: [47666.647829] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:03 carina kernel: [47671.644084] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:08 carina kernel: [47676.640219] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:13 carina kernel: [47681.636699] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:18 carina kernel: [47686.632981] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:23 carina kernel: [47691.629134] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:28 carina kernel: [47696.625429] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:33 carina kernel: [47701.621717] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:38 carina kernel: [47706.617861] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:43 carina kernel: [47711.614235] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:48 carina kernel: [47716.610530] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  Jun  6 10:54:53 carina kernel: [47721.606813] Error: state manager 
encountered RPCSEC_GSS session expired against NFSv4 server 192.168.0.2.
  
  My intuition is the following: The user's client-side Kerberos ticket is
  expiring (RPCSEC_GSS errors) and the sec=krb5 on NFS is sitting in a
  poll loop, waiting for a new one. This is somehow causing the rest of
  the system to grind to a halt, whether through resource usage or
  blocking in the kernel. I will continue to investigate and post evidence
  as I come by it. In the meantime, does anybody have any ideas?
  
  Cheers!
  ~Brian
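
Review bot: The corrected line still reads "the prompt will accept a username and password but never return", where the verb does not agree with its subject "the prompt"; "but never returns" would finish the fix. On the same changed line, "I CAN login" uses the noun form, and "log in" would match "cannot log in as the offending user" two lines earlier.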

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/794112

Title:
  Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
