NFS4 / GSS: Problem with users accessing the mounted directories (with root, everything ist okay)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

 


Dear all,

I got NFS4 with GSS running on CentOS 5. Everything is okay, all TGTs are okay and is working fine for the user ROOT.

When I change to an other user, I got a permission denied, when I try to access the dierctory (e.g. ls -la)

Here is the /var/log/messages part for this access (with full debugging on ndf, ndfs and rcp):

Sep 29 10:11:59 sha9013 kernel: NFS: revalidating (0:1a/4030465)
Sep 29 10:11:59 sha9013 kernel: RPC:    0 new task procpid 15472
Sep 29 10:11:59 sha9013 kernel: RPC:    0 allocated task
Sep 29 10:11:59 sha9013 kernel: RPC:    0 looking up RPCSEC_GSS cred
Sep 29 10:11:59 sha9013 kernel: RPC: gc'ing RPC credentials for auth ffff810076dc22c0
Sep 29 10:11:59 sha9013 kernel: RPC:      gss_destroy_cred
Sep 29 10:11:59 sha9013 kernel: RPC:      gss_create_cred for uid 569926353, flavor 390003
Sep 29 10:11:59 sha9013 kernel: RPC: gss_upcall for uid 569926353
Sep 29 10:11:59 sha9013 kernel: RPC:      gss_find_upcall found nothing
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: handling krb5 upcall
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: getting credentials for client with uid 569926353 for server sha9012.hamburg.rwedea.de
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: CC file 'krb5cc_569926353' being considered
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: CC file 'krb5cc_569926353' matches owner check and has mtime of 1285746876
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: CC file 'krb5cc_0_osSsov' being considered
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: '/tmp/krb5cc_0_osSsov' owned by 0, not 569926353
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: CC file 'krb5cc_0_mLx0Bh' being considered
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: '/tmp/krb5cc_0_mLx0Bh' owned by 0, not 569926353
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: using FILE:/tmp/krb5cc_569926353 as credentials cache for client with uid 569926353 for server sha9012.hamburg.rwede
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_569926353
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: creating context using fsuid 569926353 (save_uid 0)
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: creating tcp client for server sha9012.hamburg.rwedea.de
Sep 29 10:11:59 sha9013 rpc.gssd[1645]: creating context with server nfs@xxxxxxxxxxxxxxxxxxxxxxxxx			<================================== system ist wating for 25 seconds
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: WARNING: Failed to create krb5 context for user with uid 569926353 for server sha9012.hamburg.rwedea.de
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: WARNING: Failed to create krb5 context for user with uid 569926353 for server sha9012.hamburg.rwedea.de
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: doing error downcall
Sep 29 10:12:23 sha9013 kernel: RPC:      gss_fill_context returning 13
Sep 29 10:12:23 sha9013 kernel: RPC:      gss_find_upcall found msg ffff81007e824ec0
Sep 29 10:12:23 sha9013 kernel: RPC:      gss_destroy_ctx
Sep 29 10:12:23 sha9013 kernel: RPC:      gss_pipe_downcall returning length 16
Sep 29 10:12:23 sha9013 kernel: RPC: gss_create_upcall for uid 569926353 result -13
Sep 29 10:12:23 sha9013 kernel: RPC:      rpc_release_client(ffff810073dbc200, 1)
Sep 29 10:12:23 sha9013 kernel: nfs_revalidate_inode: (0:1a/4030465) getattr failed, error=-13
Sep 29 10:12:23 sha9013 kernel: RPC:     looking up RPCSEC_GSS cred
Sep 29 10:12:23 sha9013 kernel: RPC: gss_upcall for uid 569926353
Sep 29 10:12:23 sha9013 kernel: RPC:      gss_find_upcall found nothing
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: handling krb5 upcall
Sep 29 10:12:23 sha9013 kernel: RPC:    0 freeing task
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: getting credentials for client with uid 569926353 for server sha9012.hamburg.rwedea.de
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: CC file 'krb5cc_569926353' being considered
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: CC file 'krb5cc_569926353' matches owner check and has mtime of 1285746876
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: CC file 'krb5cc_0_osSsov' being considered
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: '/tmp/krb5cc_0_osSsov' owned by 0, not 569926353
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: CC file 'krb5cc_0_mLx0Bh' being considered
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: '/tmp/krb5cc_0_mLx0Bh' owned by 0, not 569926353
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: using FILE:/tmp/krb5cc_569926353 as credentials cache for client with uid 569926353 for server sha9012.hamburg.rwede
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_569926353
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: creating context using fsuid 569926353 (save_uid 0)
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: creating tcp client for server sha9012.hamburg.rwedea.de
Sep 29 10:12:23 sha9013 rpc.gssd[1645]: creating context with server nfs@xxxxxxxxxxxxxxxxxxxxxxxxx
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: WARNING: Failed to create krb5 context for user with uid 569926353 for server sha9012.hamburg.rwedea.de
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: WARNING: Failed to create krb5 context for user with uid 569926353 for server sha9012.hamburg.rwedea.de
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: doing error downcall
Sep 29 10:12:48 sha9013 kernel: RPC:      gss_fill_context returning 13
Sep 29 10:12:48 sha9013 kernel: RPC:      gss_find_upcall found msg ffff81007e824ec0
Sep 29 10:12:48 sha9013 kernel: RPC:      gss_destroy_ctx
Sep 29 10:12:48 sha9013 kernel: RPC:      gss_pipe_downcall returning length 16
Sep 29 10:12:48 sha9013 kernel: RPC: gss_create_upcall for uid 569926353 result -13
Sep 29 10:12:48 sha9013 kernel: NFS: permission(0:1a/4030465), mask=0x1, res=-13
Sep 29 10:12:48 sha9013 kernel: RPC:     looking up RPCSEC_GSS cred
Sep 29 10:12:48 sha9013 kernel: RPC: gss_upcall for uid 569926353
Sep 29 10:12:48 sha9013 kernel: RPC:      gss_find_upcall found nothing
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: handling krb5 upcall
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: getting credentials for client with uid 569926353 for server sha9012.hamburg.rwedea.de
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: CC file 'krb5cc_569926353' being considered
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: CC file 'krb5cc_569926353' matches owner check and has mtime of 1285746876
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: CC file 'krb5cc_0_osSsov' being considered
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: '/tmp/krb5cc_0_osSsov' owned by 0, not 569926353
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: CC file 'krb5cc_0_mLx0Bh' being considered
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: '/tmp/krb5cc_0_mLx0Bh' owned by 0, not 569926353
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: using FILE:/tmp/krb5cc_569926353 as credentials cache for client with uid 569926353 for server sha9012.hamburg.rwede
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: using environment variable to select krb5 ccache FILE:/tmp/krb5cc_569926353
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: creating context using fsuid 569926353 (save_uid 0)
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: creating tcp client for server sha9012.hamburg.rwedea.de
Sep 29 10:12:48 sha9013 rpc.gssd[1645]: creating context with server nfs@xxxxxxxxxxxxxxxxxxxxxxxxx



A  klist gives the following result:
========================

Ticket cache: FILE:/tmp/krb5cc_569926353
Default principal: xdiwb@xxxxxxxxxxxxxxxxx

Valid starting     Expires            Service principal
09/29/10 08:59:35  09/29/10 18:59:54  krbtgt/HAMBURG.RWEDEA.DE@xxxxxxxxxxxxxxxxx
        renew until 09/30/10 08:59:35
09/29/10 09:00:02  09/29/10 18:59:54  nfs/sha9012.hamburg.rwedea.de@xxxxxxxxxxxxxxxxx
        renew until 09/30/10 08:59:35
09/29/10 09:54:43  09/29/10 18:59:54  nfs/sha2059.hamburg.rwedea.de@xxxxxxxxxxxxxxxxx
        renew until 09/30/10 08:59:35


Kerberos 4 ticket cache: /tmp/tkt569926353
klist: You have no tickets cached


Here the result from ls -la:
===================

?---------  ? ?    ?        ?            ? nfs4test
drwxr-xr-x  3 root root  4096 Sep 13 15:19 opt
dr-xr-xr-x 95 root root     0 Sep 27 14:28 proc
drwxr-x---  3 root root  4096 Jan 26  2010 root
drwxr-xr-x  2 root root 12288 Sep 15 04:02 sbin
drwxr-xr-x  2 root root  4096 Jan 26  2010 selinux
drwxr-xr-x  2 root root  4096 Jan 26  2010 srv
drwxr-xr-x 30 root root     0 Sep 28 09:19 sw
drwxr-xr-x 11 root root     0 Sep 27 14:28 sys
-rw-r--r--  1 root root  6932 Sep 28 10:35 tdump.dmp
drwxr-xr-x  2 root root  4096 Sep 13 17:04 test
drwxrwxrwt  4 root root  4096 Sep 29 08:59 tmp
drwxr-xr-x 14 root root  4096 Sep 13 15:01 usr
drwxr-xr-x 19 root root  4096 Sep 13 15:01 var



On the server, there is nothing inside the /var/log/messages


Could anybody help me?

Thanks a lot.



Mit freundlichen Grüßen / Best regards

Wolfgang Beyersdorf

RWE Dea AG
Abteilung IT-Infraktrukturen
Überseering 40, 22297 Hamburg, Germany
T +49 40 6375-3258
M +40 160 5497897
E Wolfgang.Beyersdorf.FA.Kontraktor@xxxxxxxxxx
I www.rwedea.com

RWE Dea AG
Vorsitzender des Aufsichtsrats: Dr. Ulrich Jobs
Vorstand: Thomas Rappuhn (Vorsitzender), Lutz-Michael Liebau, Ralf to Baben

Sitz der Gesellschaft: Hamburg
Eingetragen beim AG Hamburg, Handelsregister - Nr.: HRB 6882


--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux