
Re: [Samba] Again NFSv4 and Kerberos at the 'samba way'...




Hai Marco, 

> 
> Mandi! L.P.H. van Belle via samba
>   In chel di` si favelave...
> 
> > Sofar, until tomorrow, 
> 
> Done some tests, me too.
> 
> 1) seems that nfs-common is disabled 'by design'. Looking at debian
> changelog:
> 
>  nfs-utils (1:1.2.8-9.1) unstable; urgency=medium
> 
>   Partial sync from ubuntu, included changes:
> 
>   [ Martin Pitt ]
>   [...]
>   * 27-systemd-enable-with-systemctl-statd.patch: let the admin
>     enable/disable statd via systemd tools. (LP: #1428486)
> 
>   [...]
>   [ Andreas Henriksson ]
>   * Restore anything related to nfs-common.init and nfs-common.default
>   * debian/nfs-common.links: Mask nfs-common init script with a symlink
>     to /dev/null to avoid using it under systemd.
> 
> so it seems you have to enable/disable/mask single services. Note that
> there are still some troubles, e.g. on the client:
> 
> 	root@vdmpp2:~# systemctl start nfs-idmapd
> 	Failed to start nfs-idmapd.service: Unit nfs-server.service not found.
> 
> (but probably idmap is a server-only service, so it is normal?)
> and it also seems that /etc/default/nfs-common is *totally* ignored (e.g.,
> there's no way to pass options to services).
> 
> Anyway, now I'm able to restart nfs/rpc services. ;-)

OK, that's at least better.

And no, /etc/default/nfs-common is not ignored. It's just harder to see it.

systemctl cat nfs-config  
contains :  ExecStart=/usr/lib/systemd/scripts/nfs-utils_env.sh
And the nfs-utils_env.sh contains : 
[ -r /etc/default/nfs-common ] && . /etc/default/nfs-common
[ -r /etc/default/nfs-kernel-server ] && . /etc/default/nfs-kernel-server

;-) 

And 
/lib/systemd/system/rpc-svcgssd.service
Contains:  ConditionPathExists=/etc/krb5.keytab

That's all OK.

All I did for the server was systemctl enable nfs-server
And for the client systemctl enable nfs-client
After the setup, all other servers start if needed based on the settings in
/etc/default/nfs-common and/or /etc/default/nfs-kernel-server


> 
> 
> 2) doing some mounts on the same host, with verbose output, i get:
> 
>  Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: Success getting keytab entry for 'nfs/vdmpp1.ad.fvg.lnf.it@xxxxxxxxxxxxx'
>  Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: WARNING: Preauthentication failed while getting initial ticket for principal 'nfs/vdmpp1.ad.fvg.lnf.it@xxxxxxxxxxxxx' using keytab 'FILE:/etc/krb5.keytab'
>  Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: ERROR: No credentials found for connection to server vdmpp1.ad.fvg.lnf.it
> 
> 'Preauthentication'?
Hmm, that is strange, it looks like this computer account is acting like a real user.
If I look in ADUC, Tab Account, only a user has the option to "disable preauthentication".
So this might help in solving the problem.
Can you check in ADUC if you see the Account tab or not?
If it's really a computer, you should not see the Account tab.


You are getting closer at least to what is causing this problem.

Greetz, 

Louis
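
The rpc.gssd lines quoted in the message above can be triaged per principal to show at which stage credential acquisition stopped. This is an added example, not part of the original post; the function names and verdict labels are assumptions made for illustration, and the sample input is the three quoted log lines, unwrapped, with the realm redacted as on the page.

```shell
#!/bin/sh
# Added example: summarise rpc.gssd syslog lines per Kerberos principal.

# Sample input: the three log lines quoted in the thread, unwrapped.
sample_log() {
cat <<'EOF'
Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: Success getting keytab entry for 'nfs/vdmpp1.ad.fvg.lnf.it@xxxxxxxxxxxxx'
Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: WARNING: Preauthentication failed while getting initial ticket for principal 'nfs/vdmpp1.ad.fvg.lnf.it@xxxxxxxxxxxxx' using keytab 'FILE:/etc/krb5.keytab'
Oct 30 15:13:33 vdmpp1 rpc.gssd[6448]: ERROR: No credentials found for connection to server vdmpp1.ad.fvg.lnf.it
EOF
}

# gssd_triage (hypothetical helper): reads syslog on stdin and prints
#   <principal> keytab_entry=<n> preauth_failed=<n> verdict=<label>
# for each principal seen, then a count of "No credentials found" errors.
gssd_triage() {
  awk -v q="'" '
    /rpc\.gssd\[/ {
      # The first single-quoted token on a gssd line is the principal.
      p = ""
      if (match($0, q "[^" q "]+" q)) p = substr($0, RSTART + 1, RLENGTH - 2)
      if ($0 ~ /Success getting keytab entry for/) {
        seen[p] = 1; ok[p]++
      } else if ($0 ~ /Preauthentication failed while getting initial ticket/) {
        seen[p] = 1; bad[p]++
      } else if ($0 ~ /No credentials found for connection to server/) {
        nocred++
      }
    }
    END {
      for (p in seen) {
        v = "ok"
        # Entry was read from the keytab, yet the initial ticket request failed.
        if (bad[p] > 0 && ok[p] > 0) v = "keytab_entry_found_but_preauth_rejected"
        else if (bad[p] > 0)         v = "preauth_failed"
        printf "%s keytab_entry=%d preauth_failed=%d verdict=%s\n", p, ok[p], bad[p], v
      }
      printf "no_credentials_errors=%d\n", nocred
    }'
}

# Run on the sample; on a live host, pipe the rpc.gssd syslog lines in instead.
sample_log | gssd_triage
```
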



