tor 2010-10-21 klockan 10:34 -0700 skrev James A. Peltier: > ----- Original Message ----- [...] > Please post a copy of your /etc/* files listed above so that we might > be able to look to make sure everything is correct. You may want to > look at ensuring that > > SECURE_NFS="yes" > RPCGSSDARGS="-vvv" > RPCSVCGSSDARGS="-vvv" > > is uncommented in /etc/sysconfig/nfs Only the first line was uncommented previously. With all three, I get this in /var/log/messages: > Oct 22 09:45:46 pc13287 kernel: FS-Cache: Loaded > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: handling krb5 upcall > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: Using keytab file > '/etc/krb5.keytab' > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: INFO: Credentials in CC > 'MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE' are good until 1287817962 > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: using > MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE as credentials cache for > machine creds > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: using environment variable to > select krb5 ccache MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: creating context using fsuid > 0 (save_uid 0) > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: creating tcp client for > server triangulum.ifm.liu.se > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: creating context with server > nfs@xxxxxxxxxxxxxxxxxxxxx > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: rpcsec_gss: > gss_init_sec_context: (major) Unspecified GSS failure. Minor > code may provide more information - (minor) Unknown code krb5 60 > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: WARNING: Failed to create > krb5 context for user with uid 0 for server triangulum.ifm.liu.se > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: WARNING: Failed to create > krb5 context for user with uid 0 with credentials cache > MEMORY:/tmp/krb5cc_machine_IFM.LIU.SE for server > triangulum.ifm.liu.se > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: WARNING: Failed to create > krb5 context for user with uid 0 with any credentials cache for > server triangulum.ifm.liu.se > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: doing error downcall > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: destroying client clnt1 > Oct 22 09:45:46 pc13287 rpc.gssd[2609]: destroying client clnt0 I started tail -f on the log and then ran ssh hans@pc13287 in another window. All the above appeared immediately, before I had entered any password (and nothing was logged after entering the password). > There might be others missing but we would be able to help best if we > know the contents of these files # grep -v '^#' /etc/sysconfig/nfs SECURE_NFS="yes" RPCGSSDARGS="-vvv" RPCSVCGSSDARGS="-vvv" # cat /etc/hosts # Do not remove the following line, or various programs # that require network functionality will fail. 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 130.236.170.165 pc13287 130.236.160.4 loghost.ifm.liu.se loghost # cat /etc/idmapd.conf [General] Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = ifm.liu.se [Mapping] Nobody-User = nobody Nobody-Group = nobody [Translation] Method = nsswitch # cat /etc/krb5.conf [libdefaults] default_realm = IFM.LIU.SE default_tgs_enctypes = des-cbc-md5 default_tkt_enctypes = des-cbc-md5 # udp_preference_limit = 0 dns_lookup_realm = false dns_lookup_kdc = false allow_weak_crypto = true [realms] IFM.LIU.SE = { kdc = as-slave-1.ifm.liu.se kdc = as-slave-2.ifm.liu.se kdc = as-master.ifm.liu.se admin_server = as-master.ifm.liu.se } [... other realms deleted ...] [domain_realm] .edu.isy.liu.se = STUDENT.LIU.SE .edu.ifm.liu.se = STUDENT.LIU.SE .edu.mai.liu.se = STUDENT.LIU.SE .ad.ifm.liu.se = AD.IFM.LIU.SE ifm.liu.se = IFM.LIU.SE .ifm.liu.se = IFM.LIU.SE isy.liu.se = ISY.LIU.SE .isy.liu.se = ISY.LIU.SE lysator.liu.se = LYSATOR.LIU.SE .lysator.liu.se = LYSATOR.LIU.SE .liu.se = AD.LIU.SE [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log kdc_rotate = { period = 1d versions = 10 } [appdefaults] kinit = { renewable = true forwardable= true } gkadmin = { help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195 } # cat /etc/host.conf order hosts,bind # grep -v '^#' /etc/nsswitch.conf passwd: files nis shadow: files nis group: files nis hosts: files nis dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files rpc: files services: files netgroup: files nis publickey: nisplus automount: files nis aliases: files nisplus # cat /etc/resolv.conf ; generated by /sbin/dhclient-script search ad.ifm.liu.se nameserver 130.236.168.6 nameserver 130.236.168.7 nameserver 130.236.160.3 And while we're at it, this is how DNS looks: # hostname pc13287 # nslookup pc13287 Server: 130.236.168.6 Address: 130.236.168.6#53 Name: pc13287.ad.ifm.liu.se Address: 130.236.170.165 # nslookup 130.236.170.165 Server: 130.236.168.6 Address: 130.236.168.6#53 165.170.236.130.in-addr.arpa name = pc13287.ad.ifm.liu.se. Hans _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos