Date: Fri, 10 Feb 2012 13:19:06 -0500
Subject: Re: mount hangs in NFS4+Kerberos setup
From: Andy Adamson
To: whats_up@gmx.net
Cc: linux-nfs@vger.kernel.org

On Fri, Feb 10, 2012 at 11:25 AM, wrote:
>
>> Hi
>>
>> It appears that the RPCSEC_GSS Kerberos calls were successful, but
>> that the Kerberos principal to id mapping failed.
>
> Is this influenced by /etc/idmapd.conf?

Yes. libnfsidmapd.023 nss_gss_princ_to_id checks the Kerberos REALM
passed in the sname against the configured REALMS in /etc/idmapd.conf
as explained:

[General]

#Verbosity = 0
# The following should be set to the local NFSv4 domain name
# The default is the host's DNS domain name.
#Domain = local.domain.edu

# The following is a comma-separated list of Kerberos realm
# names that should be considered to be equivalent to the
# local realm, such that @REALM.A can be assumed to
# be the same user as @REALM.B
# If not specified, the default local realm is the domain name,
# which defaults to the host's DNS domain name,
# translated to upper-case.
# Note that if this value is specified, the local realm name
# must be included in the list!
#Local-Realms =

I believe you have not set the Local-Realms, so libnfsidmapd.023 uses
the default of the upper-case of the local domain-name.
Thus the nss_gss_print_ids error message:

> Feb 10 14:45:17 tm rpc.svcgssd[1335]: nss_gss_princ_to_ids: Local-Realm '': NOT FOUND

Try setting the Local-Realms = in /etc/idmapd.conf.

-->Andy

> I played with "Domain" and
> "Local-Realm" but I didn't understand the exact meaning. Server and
> client aren't in the same subdomain:
> server:  hostname.subdomain.domain.tld
> client:  hostname.subdomain.subdomain.domain.tld
> Is this a problem?
>
>> What kernel is the server running?
>> What nfs-utils version is the server using?
>> What libnfsidmap version is the server using?
>
> I'm using Debian squeeze with updates.
>
> $ uname -a
> Linux tm 2.6.32-5-686 #1 SMP Mon Jan 16 16:04:25 UTC 2012 i686 GNU/Linux
>
> $ dpkg -l nfs-\*
> un  nfs-client                              (no description available)
> ii  nfs-common         1:1.2.2-4squeeze2    NFS support files common to client and server
> ii  nfs-kernel-server  1:1.2.2-4squeeze2    support for NFS kernel server
> un  nfs-server                              (no description available)
>
> $ dpkg -l libnfsidmap\*
> un  libnfsidmap1                            (no description available)
> ii  libnfsidmap2       0.23-2               An nfs idmapping library
>
>
> regards
>  knut
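
Added example, not part of the original message and not libnfsidmap's own code: a pre-flight check that derives the effective Local-Realms list from an idmapd.conf text, following the rules in the config comments quoted above, and tests a principal's realm against it. The function names, the example.org hosts and realms, and the exact-match comparison are assumptions made for illustration.

```python
import configparser

def effective_local_realms(conf_text, dns_domain):
    """Realm list as the idmapd.conf comments describe it."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    listed = cp.get("General", "Local-Realms", fallback="")
    realms = [r.strip() for r in listed.split(",") if r.strip()]
    if realms:
        # An explicit list replaces the default, so it must name the local realm.
        return realms
    # Unset: the domain name (Domain, else the host's DNS domain), upper-cased.
    domain = cp.get("General", "Domain", fallback="").strip() or dns_domain
    return [domain.upper()]

def principal_realm(principal):
    """Realm part of 'service/host@REALM'; empty string if there is none."""
    _, sep, realm = principal.rpartition("@")
    return realm if sep else ""

def check(conf_text, dns_domain, principal):
    """Return (ok, realm, realms) for one principal against one config."""
    realms = effective_local_realms(conf_text, dns_domain)
    realm = principal_realm(principal)
    # Assumption: exact string match between principal realm and list entry.
    return (realm != "" and realm in realms), realm, realms

# Constructed sample input; host names and realms are placeholders.
UNSET = "[General]\n#Verbosity = 0\n#Domain = local.domain.edu\n#Local-Realms =\n"
FIXED = "[General]\nLocal-Realms = EXAMPLE.ORG\n"
PRINC = "nfs/client.lab.sub.example.org@EXAMPLE.ORG"

if __name__ == "__main__":
    for label, conf in (("unset", UNSET), ("set", FIXED)):
        ok, realm, realms = check(conf, "sub.example.org", PRINC)
        print(f"{label}: {realm!r} in {realms} -> {'ok' if ok else 'NOT FOUND'}")
```

With Local-Realms unset, a host in a subdomain of the Kerberos realm's domain gets a default realm that does not match the principal, which is the situation the message describes.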