Hello,
We are having problems with our gssd nfs mounts. I will explain our
situation.
Our clients are running SLED 11 SP1.
Our server is a Netapp filer with Ontap 7.3.3P4.
We provide NFS exported directory's with krb5 security.
Our KDC is a Windows 2003 and 2008 Active Directory.
If we use nfs-client-1.2.1-8.1 everything works as expected.
But if we upgrade to (any) newer client, all gssd mounts fail. Now there
is a bugreport on Novell Bugzilla about this :
https://bugzilla.novell.com/show_bug.cgi?id=614293#c7
Apperantly if the nfs client is compiled with --disable-tirpc , the
ticket size from the AD is to big ?
On our Redhat server we do not have these problems. There we are running
: nfs-utils-1.2.2-7
Is there an explanation for these problems ? How can i find out if a
client has been compiled with specific options. There is no nfs devel
package for suse.
Greetings .. Richard Smits
On 04/21/2011 02:58 AM, Richard Smits wrote:
> Hello,
> We are having problems with our gssd nfs mounts. I will explain our situation.
>
> Our clients are running SLED 11 SP1.
> Our server is a Netapp filer with Ontap 7.3.3P4.
>
> We provide NFS exported directory's with krb5 security.
>
> Our KDC is a Windows 2003 and 2008 Active Directory.
>
> If we use nfs-client-1.2.1-8.1 everything works as expected.
>
> But if we upgrade to (any) newer client, all gssd mounts fail. Now there is a bugreport on Novell Bugzilla about this : https://bugzilla.novell.com/show_bug.cgi?id=614293#c7
>
> Apperantly if the nfs client is compiled with --disable-tirpc , the ticket size from the AD is to big ?
Yes this problem was fixed in libitrpc with:
commit 599511589ca7ddb3b2eac8d3aa5b0b38be7a7691
Author: Jeff Layton <[email protected]>
Date: Fri Mar 5 14:27:13 2010 -0500
libtirpc: allow larger ticket sizes with RPCSEC_GSS
> On our Redhat server we do not have these problems. There we are running : nfs-utils-1.2.2-7
>
> Is there an explanation for these problems ? How can i find out if a client has been compiled with specific options. There is no nfs devel package for suse.
Good question... I don't think there is way to was to tell how each
binary has been compiled... but doing a ldd `which rpc.gssd` will show
which shared libraries will be used.. If libtirpc.so.1 does not show up
in that list the you know the rpc.gssd was compile with --disable-tirpc
steved.
On 04/23/2011 01:00 PM, Luk Claes wrote:
> On 04/23/2011 02:16 PM, Steve Dickson wrote:
>>
>>
>> On 04/21/2011 02:58 AM, Richard Smits wrote:
>>> Hello,
>>> We are having problems with our gssd nfs mounts. I will explain our situation.
>>>
>>> Our clients are running SLED 11 SP1.
>>> Our server is a Netapp filer with Ontap 7.3.3P4.
>>>
>>> We provide NFS exported directory's with krb5 security.
>>>
>>> Our KDC is a Windows 2003 and 2008 Active Directory.
>>>
>>> If we use nfs-client-1.2.1-8.1 everything works as expected.
>>>
>>> But if we upgrade to (any) newer client, all gssd mounts fail. Now there is a bugreport on Novell Bugzilla about this : https://bugzilla.novell.com/show_bug.cgi?id=614293#c7
>>>
>>> Apperantly if the nfs client is compiled with --disable-tirpc , the ticket size from the AD is to big ?
>> Yes this problem was fixed in libitrpc with:
>>
>> commit 599511589ca7ddb3b2eac8d3aa5b0b38be7a7691
>> Author: Jeff Layton <[email protected]>
>> Date: Fri Mar 5 14:27:13 2010 -0500
>>
>> libtirpc: allow larger ticket sizes with RPCSEC_GSS
>
> When will 0.2.2 be released?
I'll try to get it out sometime next week...
steved.
On 04/23/2011 02:16 PM, Steve Dickson wrote:
>
>
> On 04/21/2011 02:58 AM, Richard Smits wrote:
>> Hello,
>> We are having problems with our gssd nfs mounts. I will explain our situation.
>>
>> Our clients are running SLED 11 SP1.
>> Our server is a Netapp filer with Ontap 7.3.3P4.
>>
>> We provide NFS exported directory's with krb5 security.
>>
>> Our KDC is a Windows 2003 and 2008 Active Directory.
>>
>> If we use nfs-client-1.2.1-8.1 everything works as expected.
>>
>> But if we upgrade to (any) newer client, all gssd mounts fail. Now there is a bugreport on Novell Bugzilla about this : https://bugzilla.novell.com/show_bug.cgi?id=614293#c7
>>
>> Apperantly if the nfs client is compiled with --disable-tirpc , the ticket size from the AD is to big ?
> Yes this problem was fixed in libitrpc with:
>
> commit 599511589ca7ddb3b2eac8d3aa5b0b38be7a7691
> Author: Jeff Layton <[email protected]>
> Date: Fri Mar 5 14:27:13 2010 -0500
>
> libtirpc: allow larger ticket sizes with RPCSEC_GSS
When will 0.2.2 be released?
Cheers
Luk