Re: NFS4 kerberos

On 08/01/2017 06:06 PM, Louis Garcia wrote:
> should I have SECURE_NFS=yes in  /etc/sysconfig/nfs ?

We kind of dislike top-posting on the list. No biggie, but try to
refrain from top-posting if you can.

As to your problem, the first thing is to add "debug true" to
/etc/gssproxy/99-nfs-client.conf first, then have a look at the journal
again. You can also dial up the verbosity by setting "debug_level 3"
in the same file.

I don't think that the AVC denial is the cause of the problem. It looks
like the denial is caused by gssproxy trying to let you know it failed.

> 
> On Tue, Aug 1, 2017 at 7:35 PM, Louis Garcia <louisgtwo@xxxxxxxxx> wrote:
> 
>     Does this have anything to do with gssproxy on the client? I did not
>     know I had to configure that.
> 
>     On Tue, Aug 1, 2017 at 7:20 PM, Louis Garcia <louisgtwo@xxxxxxxxx> wrote:
> 
>         I found this on the client.
> 
>         gssproxy[661]: gssproxy[672]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, No credentials cache found
>         gssproxy[672]: (OID: { 1 2 840 113554 1 2 2 }) Unspecified GSS failure.  Minor code may provide more information, No credentials cache found
> 
>         This is right after, not sure if related.
> 
>         audit[651]: USER_AVC pid=651 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  denied  { send_msg } for msgtype=error er
>         exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
> 
>         On Tue, Aug 1, 2017 at 7:00 PM, Rick Stevens <ricks@xxxxxxxxxxxxxx> wrote:
> 
>             On 08/01/2017 03:24 PM, Louis Garcia wrote:
>             > I've set up a kdc server and I'm able to kinit from my client and get a
>             > ticket for ssh, nfs. I'm noticing nfs slow to mount, and disconnects
>             > randomly when mounted with sec=krb5p. When I mount insecurely this does
>             > not happen. I read that this has to do with gss but have not found a
>             > solution.
> 
>             Have you checked journald's output for gss-related messages?
>             ----------------------------------------------------------------------
>             - Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
>             - AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
>             -                                                                    -
>             -         We have enough youth, how about a fountain of SMART?       -
>             ----------------------------------------------------------------------
>             _______________________________________________
>             users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
>             <mailto:users@xxxxxxxxxxxxxxxxxxxxxxx>
>             To unsubscribe send an email to
>             users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>             <mailto:users-leave@xxxxxxxxxxxxxxxxxxxxxxx>
> 


-- 
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2        ICQ: 226437340           Yahoo: origrps2 -
-                                                                    -
-        Brain:  The organ with which we think that we think.        -
----------------------------------------------------------------------
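
A small triage script for the kind of journal output discussed in this thread, added here as an example and not part of the original messages: it groups gssproxy failures by GSS mechanism and minor status, and lists SELinux USER_AVC denials separately so the two can be compared. The sample lines are the ones quoted above, unwrapped; the function name `triage` and the OID table are this example's own.

```python
import re
from collections import Counter

# Well-known GSS-API mechanism OIDs in dotted form.
MECH_NAMES = {"1.2.840.113554.1.2.2": "krb5", "1.3.6.1.5.5.2": "spnego"}

# gssproxy reports: (OID: { ... }) <major status>. Minor code ..., <minor status>
GSS_RE = re.compile(
    r"gssproxy\[(?P<pid>\d+)\]: \(OID: \{ (?P<oid>[\d ]+) \}\) "
    r"(?P<major>.+?)\.\s+Minor code may provide more information, "
    r"(?P<minor>.+)$"
)
# Userspace AVC denial: capture the denied permission and the reporting binary.
AVC_RE = re.compile(
    r'USER_AVC .*denied\s+\{ (?P<perm>\w+) \}.*exe="(?P<exe>[^"]+)"'
)

# Constructed sample: the journal lines quoted in this thread, unwrapped.
# The audit line is truncated in the thread and is kept truncated here.
SAMPLE = [
    "gssproxy[661]: gssproxy[672]: (OID: { 1 2 840 113554 1 2 2 }) "
    "Unspecified GSS failure.  Minor code may provide more information, "
    "No credentials cache found",
    "gssproxy[672]: (OID: { 1 2 840 113554 1 2 2 }) "
    "Unspecified GSS failure.  Minor code may provide more information, "
    "No credentials cache found",
    "audit[651]: USER_AVC pid=651 uid=81 auid=4294967295 ses=4294967295 "
    "subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:  "
    "denied  { send_msg } for msgtype=error er "
    'exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?\'',
]

def triage(lines):
    """Count GSS failures per (mechanism, major, minor); collect AVC denials."""
    gss, avc = Counter(), []
    for line in lines:
        m = GSS_RE.search(line)
        if m:
            oid = ".".join(m["oid"].split())      # "1 2 840 ..." -> "1.2.840..."
            mech = MECH_NAMES.get(oid, oid)       # fall back to the raw OID
            gss[(mech, m["major"], m["minor"].strip())] += 1
            continue
        m = AVC_RE.search(line)
        if m:
            avc.append((m["perm"], m["exe"]))
    return {"gss": gss, "avc": avc}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for (mech, major, minor), n in report["gss"].items():
        print(f"{n}x {mech}: {major} / {minor}")
    for perm, exe in report["avc"]:
        print(f"USER_AVC denied {perm}, reported by {exe}")
```

Feeding it the output of `journalctl -b -o short` (one entry per line) gives the same grouping for a live system.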