On Thu, Apr 22, 2021 at 5:04 PM Cem Zafer <cemzafer@xxxxxxxxx> wrote: > > Hi Ilya, > Yes you are correct, I have set auth_allow_insecure_global_id_reclaim to false. > Host ceph-common package version is 16.2.0 and the cluster ceph -v output is as follows. > > root@ceph100:~# ceph -v > ceph version 16.2.1 (afb9061ab4117f798c858c741efa6390e48ccf10) pacific (stable) > Regards. Right, so because you set auth_allow_insecure_global_id_reclaim to false, older userspace clients, in this case 16.2.0, are not allowed to connect because they won't reclaim their global_id in a secure fashion. See https://docs.ceph.com/en/latest/security/CVE-2021-20288/ for details. Thanks, Ilya > > On Thu, Apr 22, 2021 at 4:49 PM Ilya Dryomov <idryomov@xxxxxxxxx> wrote: >> >> On Thu, Apr 22, 2021 at 3:24 PM Cem Zafer <cemzafer@xxxxxxxxx> wrote: >> > >> > Hi, >> > I have recently add a new host to ceph and copied /etc/ceph directory to >> > the new host. When I execute the simple ceph command as "ceph -s", get the >> > following error. >> > >> > 021-04-22T14:50:46.226+0300 7ff541141700 -1 monclient(hunting): >> > handle_auth_bad_method server allowed_methods [2] but i only support [2] >> > 2021-04-22T14:50:46.226+0300 7ff540940700 -1 monclient(hunting): >> > handle_auth_bad_method server allowed_methods [2] but i only support [2] >> > 2021-04-22T14:50:46.226+0300 7ff533fff700 -1 monclient(hunting): >> > handle_auth_bad_method server allowed_methods [2] but i only support [2] >> > [errno 13] RADOS permission denied (error connecting to the cluster) >> > >> > When I looked at the syslog on the ceph cluster node, I saw that message >> > too. >> > >> > Apr 22 14:51:40 ceph100 bash[27979]: debug 2021-04-22T11:51:40.684+0000 >> > 7fe4d28cb700 0 cephx server client.admin: attempt to reclaim global_id >> > 264198 without presenting ticket >> > Apr 22 14:51:40 ceph100 bash[27979]: debug 2021-04-22T11:51:40.684+0000 >> > 7fe4d28cb700 0 cephx server client.admin: could not verify old ticket >> > >> > Anyone can help me out or assist to the right direction or link? >> >> Hi Cem, >> >> I take it that you upgraded to one of 14.2.20, 15.2.11 or 16.2.1 >> releases and then set auth_allow_insecure_global_id_reclaim to false? >> >> What version of ceph-common package is installed on that host? What is >> the output of "ceph -v"? >> >> Thanks, >> >> Ilya _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |