Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bug#979764: nfs-common: NFSv4 with mit kerberos sec. mounts fail after kernel update 5.9 to 5.10

209 views
Skip to first unread message

Juergen Pfennig

unread,
Jan 11, 2021, 6:40:04 AM1/11/21
to
Package: nfs-common
Version: 1:1.3.4-4
Severity: important

Dear Maintainer,

rpc.gssd seems to have problems setting up the machine credentials
cache since kernel 5.10

we see the same problem on amd64 (debian bullseye) and arm64 (raspberry using
debian bullseye). The server as a debian buster amd64. Kerberos is
provided by samba-ad-dc. Windows 2003(!!) to Windows 10 and Linux clients happily
work as domain members.

Test 1: run kernel 5.9, (auto)mount, working
Test 2: run kernel 5.10, (auto)moutn, ERROR

Thanks for your attention
Jürgen

Here some info:


Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
5 ALPHA3$@CENTAURI.HOME
5 ALPHA3$@CENTAURI.HOME
5 ALPHA3$@CENTAURI.HOME
5 ALPHA3$@CENTAURI.HOME
5 ALPHA3$@CENTAURI.HOME
2 root/alpha3.cen...@CENTAURI.HOME
2 root/alpha3.cen...@CENTAURI.HOME
2 root/alpha3.cen...@CENTAURI.HOME
2 root/alpha3.cen...@CENTAURI.HOME
2 root/alpha3.cen...@CENTAURI.HOME
2 nfs/alpha3.cen...@CENTAURI.HOME
2 nfs/alpha3.cen...@CENTAURI.HOME
2 nfs/alpha3.cen...@CENTAURI.HOME
2 lo...@CENTAURI.HOME
2 lo...@CENTAURI.HOME
2 lo...@CENTAURI.HOME
2 lo...@CENTAURI.HOME
2 lo...@CENTAURI.HOME

/etc/krb5.conf
[libdefaults]
default_keytab_name = FILE:/etc/krb5.keytab
default_realm = CENTAURI.HOME
dns_lookup_realm = false
dns_lookup_kdc = true
# for sssd?
rdns = false
ticket_lifetime = 8d
renew_lifetime = 20d

[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log

[realms]
CENTAURI.HOME = {
kdc = alpha.centauri.home
admin_server = alpha.centauri.home
default_domain = centauri.home
}

[domain-realm]
.centauri.home = CENTAURI.HOME
centauri.home = CENTAURI.HOME

# /run/systemd/transient/var-lib-centauri-import-alpha1_export.mount
# This is a transient unit file, created programmatically via the systemd API. Do not edit.
[Unit]
CollectMode=inactive-or-failed

[Mount]
What=alpha1:/export
Type=nfs
Options=vers=4,proto=tcp,sloppy,noatime,soft,intr,fsc,timeo=100,retry=0


journalctl output ...

Jan 11 11:57:01 alpha3 systemd[1]: Starting RPC security service for NFS client and server...
Jan 11 11:57:01 alpha3 rpc.gssd[2786]: doing a full rescan
Jan 11 11:57:01 alpha3 systemd[1]: Started RPC security service for NFS client and server.
Jan 11 11:57:15 alpha3 systemd[1]: var-lib-centauri-import-alpha1_export.automount: Got automount request for /var/lib/centauri/import/alpha1_export, triggered by 2790 (ls)
Jan 11 11:57:15 alpha3 systemd[1]: Mounting /var/lib/centauri/import/alpha1_export...
Jan 11 11:57:15 alpha3 kernel: nfs: Deprecated parameter 'intr'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,3,1,2' (nfs/clnt9)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: gssd_get_single_krb5_cred: principal 'ALPHA3$@CENTAURI.HOME' ccache:'FILE:/tmp/krb5ccmachine_CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:15 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt9)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:15 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt9)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:15 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt9)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:15 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt9)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:15 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt9)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt9)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 kernel: NFS4: Couldn't follow remote path
Jan 11 11:57:16 alpha3 kernel: nfs: Deprecated parameter 'intr'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnte)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnte)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnte)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt10)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt10)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 rpc.gssd[2786]:
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,3,1,2' (nfs/clnt10)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: krb5_use_machine_creds: uid 0 tgtname (null)
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha1.centauri.home' is 'alpha1.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Full hostname for 'alpha3.centauri.home' is 'alpha3.centauri.home'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: No key table entry found for alpha3$@CENTAURI.HOME while getting keytab entry for 'alpha3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: Success getting keytab entry for 'ALPHA3$@CENTAURI.HOME'
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_CENTAURI.HOME' are good until 1610578635
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating tcp client for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: DEBUG: port already set to 2049
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: creating context with server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create krb5 context for user with uid 0 for server n...@alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_CENTAURI.HOME for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: ERROR: Failed to create machine krb5 context with any credentials cache for server alpha1.centauri.home
Jan 11 11:57:16 alpha3 rpc.gssd[2786]: doing error downcall
Jan 11 11:57:16 alpha3 mount[2792]: mount.nfs: access denied by server while mounting alpha1:/export
Jan 11 11:57:16 alpha3 systemd[1]: var-lib-centauri-import-alpha1_export.mount: Mount process exited, code=exited, status=32/n/a
Jan 11 11:57:16 alpha3 systemd[1]: var-lib-centauri-import-alpha1_export.mount: Failed with result 'exit-code'.
Jan 11 11:57:16 alpha3 systemd[1]: Failed to mount /var/lib/centauri/import/alpha1_export.


mount -v -v alpha1:/export /mnt/xxx -o vers=4,soft,intr,timeo=100,retry=0
mount.nfs: timeout set for Mon Jan 11 12:04:20 2021
mount.nfs: trying text-based options 'soft,intr,timeo=100,retry=0,vers=4,addr=10.21.2.11,clientaddr=10.21.2.32'
mount.nfs: mount(2): Operation not permitted
mount.nfs: trying text-based options 'soft,intr,timeo=100,retry=0,addr=10.21.2.11'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: trying 10.21.2.11 prog 100003 vers 3 prot TCP port 2049
mount.nfs: prog 100005, trying vers=3, prot=17
mount.nfs: trying 10.21.2.11 prog 100005 vers 3 prot UDP port 32767
mount.nfs: mount(2): Permission denied
mount.nfs: trying text-based options 'soft,intr,timeo=100,retry=0,addr=fe80::b62e:99ff:fe43:c8b1'
mount.nfs: prog 100003, trying vers=3, prot=6
mount.nfs: portmap query failed: RPC: Remote system error - Invalid argument
mount.nfs: an incorrect mount option was specified


ifconfig output ...

eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 1c:69:7a:64:0b:21 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0x96200000-96220000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 622 bytes 115699 (112.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 622 bytes 115699 (112.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.21.2.32 netmask 255.255.252.0 broadcast 10.21.3.255
inet6 fe80::6c47:e568:4cea:7612 prefixlen 64 scopeid 0x20<link>
ether 0c:7a:15:6d:2d:5b txqueuelen 1000 (Ethernet)
RX packets 9503 bytes 2522716 (2.4 MiB)
RX errors 0 dropped 1165 overruns 0 frame 0
TX packets 5542 bytes 1417968 (1.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlan0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.21.2.30 netmask 255.255.252.0 broadcast 10.21.3.255
ether 0c:7a:15:6d:2d:5b txqueuelen 1000 (Ethernet)

Server's /etc/exports
# /etc/exports for alpha1/alpha2, jpf@centauri (c) 2019-06-08

/home 10.21.2.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)
/home 10.21.4.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)

/export 10.21.2.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)
/export 10.21.4.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)

/archive 10.21.2.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)
/archive 10.21.4.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)

/shared 10.21.2.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)
/shared 10.21.4.0/24(sec=krb5i:krb5,insecure,rw,sync,no_subtree_check)


-- Package-specific info:
-- rpcinfo --
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 37693 status
100024 1 tcp 56027 status
-- /etc/default/nfs-common --
NEED_STATD=no
STATDOPTS=
NEED_IDMAPD=yes
NEED_GSSD=yes
-- /etc/idmapd.conf --
[General]
Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
-- /etc/fstab --

-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-1-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nfs-common depends on:
ii adduser 3.118
ii keyutils 1.6.1-2
ii libc6 2.31-9
ii libcap2 1:2.44-1
ii libcom-err2 1.45.6-1
ii libdevmapper1.02.1 2:1.02.173-1
ii libevent-2.1-7 2.1.12-stable-1
ii libgssapi-krb5-2 1.18.3-4
ii libkeyutils1 1.6.1-2
ii libkrb5-3 1.18.3-4
ii libmount1 2.36.1-4
ii libnfsidmap2 0.25-5.1
ii libtirpc3 1.3.1-1
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii rpcbind 1.2.5-9
ii ucf 3.0043

Versions of packages nfs-common recommends:
pn python <none>

Versions of packages nfs-common suggests:
pn open-iscsi <none>
pn watchdog <none>

Versions of packages nfs-kernel-server depends on:
ii keyutils 1.6.1-2
ii libblkid1 2.36.1-4
ii libc6 2.31-9
ii libcap2 1:2.44-1
ii libsqlite3-0 3.34.0-1
ii libtirpc3 1.3.1-1
ii libwrap0 7.6.q-31
ii lsb-base 11.1.0
ii netbase 6.2
ii ucf 3.0043

-- Configuration Files:
/etc/default/nfs-common changed:
NEED_STATD=no
STATDOPTS=
NEED_IDMAPD=yes
NEED_GSSD=yes


-- no debconf information

-- debsums errors found:
debsums: changed file /usr/lib/systemd/scripts/nfs-utils_env.sh (from nfs-common package)

Tobias Jachowski

unread,
Feb 14, 2021, 11:50:02 AM2/14/21
to
I observe the same behavior when upgrading the kernel from 5.9 to 5.10
((server: buster amd64, clients: bullseye amd64). However, probably
interesting to note that even when upgrading the server to bullseye and
subsequently the kernel to 5.10 I'm also not able to mount kerberized
NFS shares. The error I see on the server is:

rpc.svcgssd[17476]: ERROR: GSS-API: error in handle_nullreq:
gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor
code may provide more information) - Encryption type arcfour-hmac not
permitted

OpenPGP_signature

Jürgen Pfennig

unread,
Feb 25, 2021, 5:00:02 AM2/25/21
to
Dear Maintainers

my bug report contained the neccessary information to understand the whole
problem, but it is quite complex.


FIXING bullseye NFS4 Kerberos with SAMBA

Probably debian uses an outdated version of rpc.gssd , SAMBA behaves 100%
correctly and someone removed support for weak rpc.gssd encryption from
the 5.10 kernel.

In short: rpc.gssd wants a nfs/... SPN and SAMBA by default only writes
weak encryption keys for nfs/... into a keytab.

In SAMBA Kerberos SPNs are based on a UPN and you have to set encryption
types for the UPN to let samba export better encryption keys for the SPN:

net ads enctypes set root/alpha1.centauri.home 31

The samba behaviour is documented at:

https://wiki.samba.org/index.php/Generating_Keytabs


POTENTIAL SECURITY PROBLEM

Except from the debian rpc.gssd bug, what happens is not a bug but by
design. But there is no reasonable error message and backward compatibility
is broken.

Mount tries to use NFS3 if NFS4 fails. Does this create a security
problem? Could a mount without kerberos using NFS3 happen in this
case? This would break security completely. Sorry, I never used NFS3.

Please close this bug if it does not create a security problem via NFS3.

I am going to report the rpc.gssd / SAMBA thing as a different bug.

Thanks
Jürgen


Albert Akchurin

unread,
May 20, 2021, 10:30:03 PM5/20/21
to

Hi, Jürgen,

Thank you for posting this!
I also observe that the bug affects nfs-client on 5.10 kernel
nfs-server is not affected (works with both 5.9 and 5.10 kernels)

I followed your suggestions, but unfortunately with no luck.
I tried adding principles and building the latest nfs-utils.
But downgrading to 5.9 kernel helped!
Thanks again

Best regards,
Albert

Birger Brunswiek

unread,
Dec 30, 2021, 9:30:03 AM12/30/21
to
Hi all,

Linux kernel 5.10 removed support for RC4-HMAC [1] from Kerberos. I
suspect the reporter's client is using that encryption type. Samba used
to create keytabs only containing RC4-HMAC, DES-CBC-MD5 and DES-CBC-CRC.
Current versions of rpc.gssd use any of DES3-CBC-SHA1,
AES256-CTS-HMAC-SHA1-96 or AES128-CTS-HMAC-SHA1-96. That could be the
reason for the mount to fail. This can be checked using `klist -ke`. The
list should contain AES256-CTS-HMAC-SHA1-96 or AES128-CTS-HMAC-SHA1-96
and I guess they are missing.

Starting rpc.gssd with the `-l` to allow weak cyphers would seem like a
workaround at first but this does not work because the weak cyphers are
no longer available in the underlying libraries.

Current versions of Samba do include AES encryption types in keytab
exports. If not, it's probably because the the account's password has
not been changed since Sambe introduced support for AES. Rejoining the
client or resetting its AD account's password should help. Note,
hoewever, that AES encrption types are not exported if service
principals are used. In that case they need to be explicitly enabled
before the export [2]. For my clients I used `net ads enctypes set
<ACCOUNTNAME> 24`.

[1]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e33d2a7b3041d7f8cd1f0a2a4ca42a5bc112b14e
[2] https://wiki.samba.org/index.php/Generating_Keytabs

Cheers
Birger
0 new messages