Kerberos的nfs在挂载时验证出错

waldo · 发表于 2020-2-23 01:29:57

本帖最后由 waldo 于 2020-2-23 01:32 编辑

在实验的过程中，普通模式的nfs是能正常挂载的（附件1、2）但是开启Kerberos后挂载出现验证失败（附件3、4、5，附件5是日志）
时间一直是同步状态，并且keytab已经尝试重建

botang · 发表于 2020-2-23 09:32:24

试验ldap用户时，应该使用ssh，避免使用su -

下面的黄色部分也不是错，说明root没有kerberos的原则

下面这些，我知道你已经改成sec=krb5p

waldo · 发表于 2020-2-23 11:58:35

本帖最后由 waldo 于 2020-2-23 12:03 编辑

唐老师，classroom上已按要求重启过，并且也尝试使用ssh连接，还是不行
classroom上的操作记录：

[root@classroom ~]# systemctl restart nfs-server
[root@classroom ~]# systemctl restart nfs-mountd
[root@classroom ~]# systemctl restart nfs-idmapd
[root@classroom ~]# systemctl restart rpcbind
[root@classroom ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
Drop-In: /run/systemd/generator/nfs-server.service.d
└─order-with-mounts.conf
Active: active (exited) since Sun 2020-02-23 11:45:38 CST; 14s ago
Process: 14446 ExecStopPost=/usr/sbin/exportfs -f (code=exited, status=0/SUCCESS)
Process: 14444 ExecStopPost=/usr/sbin/exportfs -au (code=exited, status=0/SUCCESS)
Process: 14442 ExecStop=/usr/sbin/rpc.nfsd 0 (code=exited, status=0/SUCCESS)
Process: 14469 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, status=0/SUCCESS)
Process: 14456 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 14454 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 14469 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 11366)
Memory: 0B
CGroup: /system.slice/nfs-server.service
Feb 23 11:45:38 classroom.example.com systemd[1]: Starting NFS server and services...
Feb 23 11:45:38 classroom.example.com systemd[1]: Started NFS server and services.
[root@classroom ~]# systemctl status nfs-mountd
● nfs-mountd.service - NFS Mount Daemon
Loaded: loaded (/usr/lib/systemd/system/nfs-mountd.service; static; vendor preset: disabled)
Active: active (running) since Sun 2020-02-23 11:45:38 CST; 23s ago
Process: 14451 ExecStart=/usr/sbin/rpc.mountd (code=exited, status=0/SUCCESS)
Main PID: 14453 (rpc.mountd)
Tasks: 1 (limit: 11366)
Memory: 1.3M
CGroup: /system.slice/nfs-mountd.service
└─14453 /usr/sbin/rpc.mountd
Feb 23 11:45:38 classroom.example.com systemd[1]: Stopped NFS Mount Daemon.
Feb 23 11:45:38 classroom.example.com systemd[1]: Starting NFS Mount Daemon...
Feb 23 11:45:38 classroom.example.com systemd[1]: Started NFS Mount Daemon.
Feb 23 11:45:38 classroom.example.com rpc.mountd[14453]: Version 2.3.3 starting
[root@classroom ~]# systemctl status nfs-idmapd
● nfs-idmapd.service - NFSv4 ID-name mapping service
Loaded: loaded (/usr/lib/systemd/system/nfs-idmapd.service; static; vendor preset: disabled)
Active: active (running) since Sun 2020-02-23 11:45:42 CST; 25s ago
Process: 14477 ExecStart=/usr/sbin/rpc.idmapd (code=exited, status=0/SUCCESS)
Main PID: 14478 (rpc.idmapd)
Tasks: 1 (limit: 11366)
Memory: 1.0M
CGroup: /system.slice/nfs-idmapd.service
└─14478 /usr/sbin/rpc.idmapd
Feb 23 11:45:42 classroom.example.com systemd[1]: Starting NFSv4 ID-name mapping service...
Feb 23 11:45:42 classroom.example.com rpc.idmapd[14478]: Setting log level to 0
Feb 23 11:45:42 classroom.example.com systemd[1]: Started NFSv4 ID-name mapping service.
[root@classroom ~]# systemctl status rpc-bind
Unit rpc-bind.service could not be found.
[root@classroom ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-02-23 11:45:45 CST; 38s ago
Docs: man:rpcbind(8)
Main PID: 14482 (rpcbind)
Tasks: 1 (limit: 11366)
Memory: 924.0K
CGroup: /system.slice/rpcbind.service
└─14482 /usr/bin/rpcbind -w -f
Feb 23 11:45:45 classroom.example.com systemd[1]: Stopped RPC Bind.
Feb 23 11:45:45 classroom.example.com systemd[1]: Starting RPC Bind...
Feb 23 11:45:45 classroom.example.com systemd[1]: Started RPC Bind.
[root@classroom ~]# cat /etc/exports
/var/ftp/pub 192.168.0.0/255.255.255.0(ro,sync,no_root_squash) 192.168.1.0/255.255.255.0(ro,sync,no_root_squash)
/home/guests 192.168.0.0/255.255.255.0(rw,sync,sec=krb5p)
[root@classroom ~]#

复制代码

desktop上的操作记录：

[root@desktop2 ~]# systemctl restart nfs-client.target
[root@desktop2 ~]# systemctl restart nfs-idmapd
[root@desktop2 ~]# systemctl restart autofs
[root@desktop2 ~]# ssh ldapuser2@desktop2.example.com
Password:
Activate the web console with: systemctl enable --now cockpit.socket
Last failed login: Sun Feb 23 11:53:43 CST 2020 from 192.168.0.2 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Feb 23 11:52:39 2020 from 192.168.0.2
Could not chdir to home directory /home/guests/ldapuser2: No such file or directory
[ldapuser2@desktop2 /]$ exit
logout
Connection to desktop2.example.com closed.
[root@desktop2 ~]# systemctl status nfs-client.target
● nfs-client.target - NFS client services
Loaded: loaded (/usr/lib/systemd/system/nfs-client.target; enabled; vendor preset: disabled)
Active: active since Sun 2020-02-23 11:53:12 CST; 1min 1s ago
Feb 23 11:53:12 desktop2.example.com systemd[1]: Stopped target NFS client services.
Feb 23 11:53:12 desktop2.example.com systemd[1]: Stopping NFS client services.
Feb 23 11:53:12 desktop2.example.com systemd[1]: Reached target NFS client services.
[root@desktop2 ~]# systemctl status nfs-idmapd
● nfs-idmapd.service - NFSv4 ID-name mapping service
Loaded: loaded (/usr/lib/systemd/system/nfs-idmapd.service; static; vendor preset: disabled)
Active: active (running) since Sun 2020-02-23 11:53:17 CST; 1min 4s ago
Process: 14977 ExecStart=/usr/sbin/rpc.idmapd (code=exited, status=0/SUCCESS)
Main PID: 14978 (rpc.idmapd)
Tasks: 1 (limit: 49667)
Memory: 1.0M
CGroup: /system.slice/nfs-idmapd.service
└─14978 /usr/sbin/rpc.idmapd
Feb 23 11:53:17 desktop2.example.com systemd[1]: Starting NFSv4 ID-name mapping service...
Feb 23 11:53:17 desktop2.example.com rpc.idmapd[14978]: Setting log level to 0
Feb 23 11:53:17 desktop2.example.com systemd[1]: Started NFSv4 ID-name mapping service.
[root@desktop2 ~]# systemctl status autofs
● autofs.service - Automounts filesystems on demand
Loaded: loaded (/usr/lib/systemd/system/autofs.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2020-02-23 11:53:25 CST; 1min 3s ago
Main PID: 14994 (automount)
Tasks: 6 (limit: 49667)
Memory: 7.6M
CGroup: /system.slice/autofs.service
└─14994 /usr/sbin/automount --foreground --dont-check-daemon
Feb 23 11:53:25 desktop2.example.com systemd[1]: Starting Automounts filesystems on demand...
Feb 23 11:53:25 desktop2.example.com automount[14994]: setautomntent: lookup(sss): setautomntent: No such file or directory
Feb 23 11:53:25 desktop2.example.com automount[14994]: setautomntent: lookup(sss): setautomntent: No such file or directory
Feb 23 11:53:25 desktop2.example.com automount[14994]: setautomntent: lookup(sss): setautomntent: No such file or directory
Feb 23 11:53:25 desktop2.example.com systemd[1]: Started Automounts filesystems on demand.
[root@desktop2 ~]# head -n 10 /etc/auto.guests
#
# This is an automounter map and it has the following format
# key [ -mount-options-separated-by-comma ] location
# Details may be found in the autofs(5) manpage
#cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
# the following entries are samples to pique your imagination
* -rw,soft,intr,sec=krb5p classroom.example.com:/home/guests/&
#linux -ro,soft,intr ftp.example.org:/pub/linux
[root@desktop2 ~]#

复制代码

desktop的日志：

Last login: Sun Feb 23 00:31:15 2020 from 192.168.0.1
[root@desktop2 ~]# rpc.gssd -v -v -v -v -v -f
doing a full rescan
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntf3) ev->mask (0x40000100)
inotify event for clntdir (nfs/clntf3) - ev->wd (11) ev->name (idmap) ev->mask (0x00000100)
handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 ' (nfs/clntf3)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
gssd_get_single_krb5_cred: principal 'host/desktop2.example.com@EXAMPLE.COM' ccache:'FILE:/tmp/krb5ccmachine_EXAMPLE.COM'
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clntf3)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clntf3)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntf4) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntf5) ev->mask (0x40000100)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clntf3)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
inotify event for clntdir (nfs/clntf5) - ev->wd (13) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf5) - ev->wd (13) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntf3) - ev->wd (11) ev->name (idmap) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf4) - ev->wd (12) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf3) - ev->wd (11) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf3) - ev->wd (11) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf3) - ev->wd (11) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf3) - ev->wd (11) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntf4) - ev->wd (12) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntf6) ev->mask (0x40000100)
inotify event for clntdir (nfs/clntf6) - ev->wd (14) ev->name (idmap) ev->mask (0x00000100)
handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 ' (nfs/clntf6)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clntf6)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clntf6)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fe574001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582516426
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntf7) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntf8) ev->mask (0x40000100)
WARNING: gssd_clnt_gssd_cb: failed reading request
inotify event for clntdir (nfs/clntf8) - ev->wd (16) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf8) - ev->wd (16) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntf6) - ev->wd (14) ev->name (idmap) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf7) - ev->wd (15) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf6) - ev->wd (14) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf6) - ev->wd (14) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf6) - ev->wd (14) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf6) - ev->wd (14) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntf7) - ev->wd (15) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntf9) ev->mask (0x40000100)
inotify event for clntdir (nfs/clntf9) - ev->wd (17) ev->name (idmap) ev->mask (0x00000100)
WARNING: gssd_clnt_gssd_cb: failed reading request
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntfa) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntfb) ev->mask (0x40000100)
WARNING: gssd_clnt_gssd_cb: failed reading request
inotify event for clntdir (nfs/clntfb) - ev->wd (19) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntfb) - ev->wd (19) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntf9) - ev->wd (17) ev->name (idmap) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntfa) - ev->wd (18) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf9) - ev->wd (17) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf9) - ev->wd (17) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf9) - ev->wd (17) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntf9) - ev->wd (17) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntfa) - ev->wd (18) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntfc) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntfd) ev->mask (0x40000100)
inotify event for clntdir (nfs/clntfc) - ev->wd (20) ev->name (gssd) ev->mask (0x00000100)
inotify event for clntdir (nfs/clntfc) - ev->wd (20) ev->name (krb5) ev->mask (0x00000100)
inotify event for clntdir (nfs/clntfc) - ev->wd (20) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntfc) - ev->wd (20) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntfd) - ev->wd (21) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntfc) - ev->wd (20) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntfc) - ev->wd (20) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntfd) - ev->wd (21) ev->name (<?>) ev->mask (0x00008000)

复制代码

botang · 发表于 2020-2-23 15:39:25

waldo 发表于 2020-2-23 11:58
唐老师，classroom上已按要求重启过，并且也尝试使用ssh连接，还是不行
classroom上的操作记录：

[root@desktop4 etc]# ipa-rmkeytab -p host/desktop4.example.com -k /etc/krb5.keytab

复制代码

botang · 发表于 2020-2-23 15:39:28

waldo 发表于 2020-2-23 11:58
唐老师，classroom上已按要求重启过，并且也尝试使用ssh连接，还是不行
classroom上的操作记录：

如果重新生成classroom.example.com的krb5.keytab，那么由于其中有随机数，所以：
问题出在nfs客户端这边，尝试一下下面的命令，重新下载host/desktop4.example.com会成功（server4如果要做客户端，重复一样操作）：

[root@desktop4 etc]# ipa-rmkeytab -p host/desktop4.example.com -k /etc/krb5.keytab

复制代码

[root@desktop4 etc]# kinit admin

复制代码

[root@desktop4 etc]#ipa-getkeytab -s classroom.example.com -p host/desktop4.example.com -k /etc/krb5.keytab

复制代码

之后重启nfs-client.target和nfs-idmapd

waldo · 发表于 2020-2-23 16:07:44

本帖最后由 waldo 于 2020-2-23 16:42 编辑

botang 发表于 2020-2-23 15:39
如果重新生成classroom.example.com的krb5.keytab，那么由于其中有随机数，所以：
问题出在nfs客户端这 ...

唐老师，重新抓取key之后依然mount不上去

[root@desktop2 ~]# ipa-rmkeytab -p host/desktop2.example.com -k /etc/krb5.keytab
Removing principal host/desktop2.example.com
[root@desktop2 ~]# ktutil
ktutil: read_kt /etc/krb5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
ktutil: uit
ktutil: Unknown request "uit". Type "?" for a request list.
ktutil: quit
[root@desktop2 ~]# kinit admin
Password for admin@EXAMPLE.COM:
[root@desktop2 ~]# ipa-getkeytab -s classroom.example.com -p host/desktop2.example.com -k /etc/krb5.keytab
Keytab successfully retrieved and stored in: /etc/krb5.keytab
[root@desktop2 ~]# ktutil
ktutil: read_kt /etc/krb5.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 3 host/desktop2.example.com@EXAMPLE.COM
2 3 host/desktop2.example.com@EXAMPLE.COM
ktutil: quit
[root@desktop2 ~]# systemctl restart nfs-client.target
[root@desktop2 ~]# systemctl restart nfs-idmapd
[root@desktop2 ~]# systemctl restart autofs
[root@desktop2 ~]# ssh ldapuser2@desktop2.example.com
Password:
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sun Feb 23 16:16:15 2020 from 192.168.0.2
Could not chdir to home directory /home/guests/ldapuser2: No such file or directory
[ldapuser2@desktop2 /]$ exit
logout
Connection to desktop2.example.com closed.
[root@desktop2 ~]# showmount -e classroom.example.com
Export list for classroom.example.com:
/home/guests 192.168.0.0/255.255.255.0
/var/ftp/pub 192.168.1.0/255.255.255.0,192.168.0.0/255.255.255.0
[root@desktop2 ~]# mount -o sec=krb5p classroom.example.com:/home/guests/ldapuser2/ /mnt
mount.nfs: access denied by server while mounting classroom.example.com:/home/guests/ldapuser2/
[root@desktop2 ~]# mount -o sec=krb5p classroom.example.com:/home/guests /mnt
mount.nfs: access denied by server while mounting classroom.example.com:/home/guests
[root@desktop2 ~]# mount -o sec=krb5p classroom.example.com:/home/guests /mnt
mount.nfs: access denied by server while mounting classroom.example.com:/home/guests
[root@desktop2 ~]#

复制代码

日志：

Last login: Sun Feb 23 16:52:40 2020 from 192.168.0.1
[root@desktop2 ~]# rpc.gssd -v -v -v -v -v -f
doing a full rescan
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt177) ev->mask (0x40000100)
inotify event for clntdir (nfs/clnt177) - ev->wd (11) ev->name (idmap) ev->mask (0x00000100)
handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 ' (nfs/clnt177)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
gssd_get_single_krb5_cred: principal 'host/desktop2.example.com@EXAMPLE.COM' ccache:'FILE:/tmp/krb5ccmachine_EXAMPLE.COM'
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
WARNING: gssd_clnt_gssd_cb: failed reading request
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt178) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt179) ev->mask (0x40000100)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clnt177)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
inotify event for clntdir (nfs/clnt179) - ev->wd (13) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt179) - ev->wd (13) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clnt177) - ev->wd (11) ev->name (idmap) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt178) - ev->wd (12) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt177) - ev->wd (11) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt177) - ev->wd (11) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt177) - ev->wd (11) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt178) - ev->wd (12) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clnt177) - ev->wd (11) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt17a) ev->mask (0x40000100)
inotify event for clntdir (nfs/clnt17a) - ev->wd (14) ev->name (idmap) ev->mask (0x00000100)
handle_gssd_upcall: 'mech=krb5 uid=0 service=* enctypes=18,17,16,23,3,1,2 ' (nfs/clnt17a)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=* srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
WARNING: gssd_clnt_gssd_cb: failed reading request
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clnt17a)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt17b) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt17c) ev->mask (0x40000100)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clnt17a)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
inotify event for clntdir (nfs/clnt17c) - ev->wd (16) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17c) - ev->wd (16) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clnt17a) - ev->wd (14) ev->name (idmap) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17b) - ev->wd (15) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17a) - ev->wd (14) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17a) - ev->wd (14) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17b) - ev->wd (15) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clnt17a) - ev->wd (14) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17a) - ev->wd (14) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt17d) ev->mask (0x40000100)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (gssd) ev->mask (0x00000100)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (krb5) ev->mask (0x00000100)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (idmap) ev->mask (0x00000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt17e) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt17f) ev->mask (0x40000100)
inotify event for clntdir (nfs/clnt17f) - ev->wd (19) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17f) - ev->wd (19) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (idmap) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17e) - ev->wd (18) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt17d) - ev->wd (17) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clnt17e) - ev->wd (18) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt180) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clnt181) ev->mask (0x40000100)
inotify event for clntdir (nfs/clnt180) - ev->wd (20) ev->name (gssd) ev->mask (0x00000100)
inotify event for clntdir (nfs/clnt180) - ev->wd (20) ev->name (krb5) ev->mask (0x00000100)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clnt180)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clnt180)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
WARNING: Machine cache prematurely expired or corrupted trying to recreate cache for server classroom.example.com
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop2.example.com' is 'desktop2.example.com'
No key table entry found for desktop2$@EXAMPLE.COM while getting keytab entry for 'desktop2$@EXAMPLE.COM'
No key table entry found for DESKTOP2$@EXAMPLE.COM while getting keytab entry for 'DESKTOP2$@EXAMPLE.COM'
No key table entry found for root/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop2.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop2.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop2.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop2.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7fb134001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582534867
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com
doing error downcall
inotify event for clntdir (nfs/clnt180) - ev->wd (20) ev->name (krb5) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt180) - ev->wd (20) ev->name (gssd) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt181) - ev->wd (21) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt180) - ev->wd (20) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clnt180) - ev->wd (20) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clnt181) - ev->wd (21) ev->name (<?>) ev->mask (0x00008000)

复制代码

botang · 发表于 2020-2-23 17:43:16

waldo 发表于 2020-2-23 16:07
唐老师，重新抓取key之后依然mount不上去日志：

如果能挂上，日志应该这样：
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc4121_buffer: protocol 1
prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
doing downcall: lifetime_rec=86025 acceptor=nfs@classroom.example.com
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntbc) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntbd) ev->mask (0x40000100)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntbe) ev->mask (0x40000100)
inotify event for clntdir (nfs/clntbd) - ev->wd (16) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntbd) - ev->wd (16) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntbf) ev->mask (0x40000100)
handle_gssd_upcall: 'mech=krb5 uid=0 enctypes=18,17,16,23,3,1,2 ' (nfs/clntbb)
krb5_use_machine_creds: uid 0 tgtname (null)
gssd_refresh_krb5_machine_credential: hostname=classroom.example.com ple=(nil) service=(null) srchost=(null)
Full hostname for 'classroom.example.com' is 'classroom.example.com'
Full hostname for 'desktop4.example.com' is 'desktop4.example.com'
No key table entry found for desktop4$@EXAMPLE.COM while getting keytab entry for 'desktop4$@EXAMPLE.COM'
No key table entry found for DESKTOP4$@EXAMPLE.COM while getting keytab entry for 'DESKTOP4$@EXAMPLE.COM'
No key table entry found for root/desktop4.example.com@EXAMPLE.COM while getting keytab entry for 'root/desktop4.example.com@EXAMPLE.COM'
No key table entry found for nfs/desktop4.example.com@EXAMPLE.COM while getting keytab entry for 'nfs/desktop4.example.com@EXAMPLE.COM'
Success getting keytab entry for 'host/desktop4.example.com@EXAMPLE.COM'
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582537234
gssd_refresh_krb5_machine_credential: hostname=(null) ple=0x7f31bc001e60 service=(null) srchost=(null)
INFO: Credentials in CC 'FILE:/tmp/krb5ccmachine_EXAMPLE.COM' are good until 1582537234
creating tcp client for server classroom.example.com
DEBUG: port already set to 2049
creating context with server nfs@classroom.example.com
DEBUG: serialize_krb5_ctx: lucid version!
prepare_krb5_rfc4121_buffer: protocol 1
prepare_krb5_rfc4121_buffer: serializing key with enctype 18 and size 32
doing downcall: lifetime_rec=86009 acceptor=nfs@classroom.example.com
inotify event for clntdir (nfs/clntbf) - ev->wd (18) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntbf) - ev->wd (18) ev->name (<?>) ev->mask (0x00008000)
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntc0) ev->mask (0x40000100)
WARNING: gssd_clnt_gssd_cb: failed reading request
inotify event for topdir (nfs) - ev->wd (8) ev->name (clntc1) ev->mask (0x40000100)
inotify event for clntdir (nfs/clntc0) - ev->wd (19) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntc0) - ev->wd (19) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntbe) - ev->wd (17) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntbe) - ev->wd (17) ev->name (<?>) ev->mask (0x00008000)
inotify event for clntdir (nfs/clntbc) - ev->wd (15) ev->name (info) ev->mask (0x00000200)
inotify event for clntdir (nfs/clntbc) - ev->wd (15) ev->name (<?>) ev->mask (0x00008000)-----------------------------------------------------------------------------------------------------------------------------------
所以你的日志中这里有问题：

WARNING: Failed to create krb5 context for user with uid 0 for server nfs@classroom.example.com
WARNING: Failed to create machine krb5 context with cred cache FILE:/tmp/krb5ccmachine_EXAMPLE.COM for server classroom.example.com
ERROR: Failed to create machine krb5 context with any credentials cache for server classroom.example.com

waldo · 发表于 2020-2-23 18:43:14

本帖最后由 waldo 于 2020-2-23 19:14 编辑

botang 发表于 2020-2-23 17:43
如果能挂上，日志应该这样：
DEBUG: port already set to 2049
creating context with server nfs@clas ...

同样的文件同样的指令server2就能挂上去，删除原有key重新获取也没问题，但是desktop2重做多次都不行
-----------------------------------------------------------------------------------------------------------------

解决了，不知道desktop那边的keytab出了什么问题，要在classroom生成之后传过去才行

botang · 发表于 2020-2-23 20:09:16

waldo 发表于 2020-2-23 18:43
同样的文件同样的指令server2就能挂上去，删除原有key重新获取也没问题，但是desktop2重做多次都不行
- ...

好的，实在不行，也可以用RHEL7的土办法“ktadd -randkey”的krb5.key来生成ipa的keytab ，一样成功的。因为原理和kerberos都是一样，就像单独点餐和套餐中的鸡腿都是一种鸡腿一样。这种土办法，在生产环境中用过！！！！因为大家刚开始其实对IPA的命令都不熟悉，能解决问题就行。

Kerberos的nfs在挂载时验证出错

浏览过的版块