Just a follow-up to my previous post. In debugging rpc.gssd on the client, here's where things are dying: creating tcp client for server filertest.safety.net.wm.edu creating context with server nfs@xxxxxxxxxxxxxxxxxxxxxxxxxxx WARNING: Failed to create krb5 context for user with uid 30487 for server filertest.safety.net.wm.edu But other users seem fine. I still think it's something to do with excessive group membership. Any suggestions are appreciated, thanks! Norman Elton College of William & Mary On Mon, Feb 3, 2014 at 4:13 PM, Norman Elton <normelton@xxxxxxxxx> wrote: > I've read stories about users having too many group memberships. We > seem to experience similar symptoms, though the usual tricks don't > seem to work. > > In our case, there is a RHEL6 NFS server feeding multiple RHEL6 NFS > clients. This is all NFSv4 with Kerberos. Most users can login fine, > but domain admins get a "permission denied" when accessing their > NFS-mounted home directory. The most notable commonality is their high > number of group memberships. > > I've tried inflating my group count to greater than 16, my account > continues to work fine. > > We've tried adding "--manage-gids" to rpc.mountd, no luck. Although > it's unclear whether this really does anything in a kerberized > environment. > > Any other suggestions? Other debugging tricks? > > Thanks > > Norman Elton -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
