Old 10-19-2010, 09:55 AM   #1
Can't mount nfs4 directories with Kerberos auth on CentOS 5

I have an nfs server running Solaris. It works fine and a large number of clients happily mount directories from it. But only almost all clients.

All clients that have problem run CentOS (5.4 and 5.5). I've found one or two of each version that fail, but also a couple of each version that work.

The mounting is done via autofs but that doesn't seem to make any difference. Kerberos is used for authentication.

When I try to mount a directory manually I get this:

# mount -vvvv -t nfs4 -o sec=krb5 /mnt
mount: pinging: prog 100003 vers 4 prot tcp port 2049
mount.nfs4: Permission denied

I get this in /var/log/messages:

Oct 15 15:15:12 pc13287 rpc.gssd[2780]: rpcsec_gss: gss_init_sec_context: (major) Unspecified GSS failure.  Minor code may provide more information - (minor) Unknown code krb5 60
Oct 15 15:15:12 pc13287 rpc.gssd[2780]: WARNING: Failed to create krb5 context for user with uid 0 with any credentials cache for server

For comparison, a working machine logs this in /var/log/messages:

Oct 19 13:26:01 pc14113 rpc.gssd[2793]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure.  Minor code may provide more information - Unknown code krb5 195
Oct 19 13:26:01 pc14113 rpc.gssd[2793]: WARNING: Failed to create krb5 context for user with uid 121 for server

Note that there is still an error logged in the first line, but a different one. In the second line, the uid of the user changes from 0 (I'm logged in as root when doing both tests) to 121 (which is the uid of the user owning the home directory I'm trying to mount in both cases). Perhaps this is a clue, but I don't know what it tries to tell me.

The failing machine runs CentOS 5.5.

If I run the same command on one of the machines where mounting works I get the first line of output ("pinging") and nothing more. On the other hand I get a mounted directory.

I can't find any relevant differences in configuration. I've gone through files in /etc on a working and a non-working machine looking for changes but not finding anything relevant in /etc/sysconfig/nfs, /etc/hosts, /etc/idmapd.conf, /etc/krb5.conf, /etc/host.conf, /etc/nsswitch.conf, /etc/resolv.conf and others.

SELinux is not running.

This is what the keytab looks like on both working and non-working machines:

# klist -k -e
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 host/ (DES cbc mode with RSA-MD5)
   3 nfs/ (DES cbc mode with RSA-MD5)

I have a yp master and a yp slave, but there are both working and non-working clients connected to both of them.

There is plenty of space in /tmp and it is writable by all.

Among the total set of clients there are multiple versions of nfs-utils and kernel used, but I can pick a set of one working and one non-working that have the same versions for both (nfs-utils-1.0.9-47.el5_5 and kernel-2.6.18-194.17.1.el5).

Obviously, I need to check something else, but what? Please help!
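
Added example, not part of the original post: a small Python triage script that extracts the GSS call, krb5 minor code and uid from rpc.gssd lines like those quoted above, so /var/log/messages collected from many clients can be grouped by failure signature. The sample input is the four log lines from the post; the function names `summarize` and `by_signature` are this example's own.

```python
import re
from collections import defaultdict

# The four rpc.gssd lines quoted in the post (the server name is elided there too).
SAMPLE = """\
Oct 15 15:15:12 pc13287 rpc.gssd[2780]: rpcsec_gss: gss_init_sec_context: (major) Unspecified GSS failure.  Minor code may provide more information - (minor) Unknown code krb5 60
Oct 15 15:15:12 pc13287 rpc.gssd[2780]: WARNING: Failed to create krb5 context for user with uid 0 with any credentials cache for server
Oct 19 13:26:01 pc14113 rpc.gssd[2793]: ERROR: GSS-API: error in gss_acquire_cred(): Unspecified GSS failure.  Minor code may provide more information - Unknown code krb5 195
Oct 19 13:26:01 pc14113 rpc.gssd[2793]: WARNING: Failed to create krb5 context for user with uid 121 for server
"""

PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) rpc\.gssd\[(\d+)\]: (.*)$")
GSS_CALL = re.compile(r"\b(gss_\w+)")
MINOR = re.compile(r"Unknown code krb5 (\d+)")
UID = re.compile(r"Failed to create krb5 context for user with uid (\d+)")


def summarize(text):
    """Return {host: [(gss_call, krb5_minor, uid), ...]}, pairing each GSS
    error with the uid in the WARNING that follows it from the same pid."""
    pending = {}                      # (host, pid) -> (call, minor)
    out = defaultdict(list)
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue                  # not an rpc.gssd syslog line
        host, pid, msg = m.groups()
        minor, uid = MINOR.search(msg), UID.search(msg)
        if minor:
            call = GSS_CALL.search(msg)
            pending[(host, pid)] = (call.group(1) if call else None,
                                    int(minor.group(1)))
        elif uid:
            # A WARNING with no preceding error still gets recorded.
            call, code = pending.pop((host, pid), (None, None))
            out[host].append((call, code, int(uid.group(1))))
    return dict(out)


def by_signature(text):
    """Invert summarize(): {(gss_call, krb5_minor, uid): sorted hosts}."""
    sig = defaultdict(set)
    for host, events in summarize(text).items():
        for ev in events:
            sig[ev].add(host)
    return {k: sorted(v) for k, v in sig.items()}


if __name__ == "__main__":
    for signature, hosts in by_signature(SAMPLE).items():
        print(signature, hosts)
```
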

