#1 15/04/2015 at 13:40

intmail

NFS error: Permission denied / rpc.gssd[808]: No credential found

Hello,

I am trying to mount an NFS partition, but every time I run into a refusal from the server.
If someone could tell me where the error comes from.
The /var/log/syslog log indicates that the problem comes from the rpc.gssd daemon.
Other information that might shed some light, but which may be irrelevant to the problem:
- I tried several tickets but with no result, and I would also like to know which one is really needed to mount NFS (root user on the client).
- It is strange, but kinit on the client produces password error messages; to do it I have to go to the server and enter it again.
- There is no firewall and no routing, the two clocks are identical but not synchronized, kernel 3.16.3, and mounting without Kerberos works without any problem.

Below are the mount output and /var/log/syslog, as well as various configuration files.

Thanks

** "mount" command on the client:
mount -vvv -t nfs -o vers=4,sec=krb5 server.darkstar.net:/partage/data /mnt/nfs

** "Permission denied" on the client:
mount: fstab path: "/etc/fstab"
mount: mtab path: "/etc/mtab"
mount: lock path: "/etc/mtab~"
mount: temp path: "/etc/mtab.tmp"
mount: UID: 0
mount: eUID: 0
mount: spec: "server.darkstar.net:/partage/data"
mount: node: "/mnt/nfs"
mount: types: "nfs"
mount: opts: "vers=4,sec=krb5"
mount: external mount: argv[0] = "/sbin/mount.nfs"
mount: external mount: argv[1] = "server.darkstar.net:/partage/data"
mount: external mount: argv[2] = "/mnt/nfs"
mount: external mount: argv[3] = "-v"
mount: external mount: argv[4] = "-o"
mount: external mount: argv[5] = "rw,vers=4,sec=krb5"
mount.nfs: timeout set for Sun Apr 12 23:27:41 2015
mount.nfs: trying text-based options 'vers=4,sec=krb5,addr=10.0.0.2,clientaddr=10.0.0.3'
mount.nfs: mount(2): Permission denied
mount.nfs: access denied by server while mounting server.darkstar.net:/partage/data

** Configuration file /etc/exports on the server:
/partage gss/krb5(rw,nohide,sync,fsid=0,no_root_squash,no_subtree_check,insecure,crossmnt)
/partage/data gss/krb5(rw,sync,nohide,no_subtree_check,no_root_squash)
note: /data is mounted and bound to /partage

** Error message from /var/log/syslog on the client:
Apr 12 23:06:43 darkstar rpc.idmapd[427]: New client: 6
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Opened /var/lib/nfs/rpc_pipefs//nfs/clnt6/idmap
Apr 12 23:06:43 darkstar rpc.gssd[808]: ERROR: No credentials found for connection to server server.darkstar.net
Apr 12 23:06:43 darkstar rpc.gssd[809]: ERROR: No credentials found for connection to server server.darkstar.net
Apr 12 23:06:43 darkstar rpc.idmapd[427]: New client: 7
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Stale client: 6
Apr 12 23:06:43 darkstar rpc.idmapd[427]: ^I-> closed /var/lib/nfs/rpc_pipefs//nfs/clnt6/idmap
Apr 12 23:06:43 darkstar rpc.idmapd[427]: Stale client: 7
Apr 12 23:06:43 darkstar rpc.idmapd[427]: ^I-> closed /var/lib/nfs/rpc_pipefs//nfs/clnt7/idmap
Apr 12 23:06:45 darkstar kernel: 00 00 00 00 00 00

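** Starting the daemons:
# On the client:
# -d replaces -a: in "[ ! -a path ]", test parses -a as the binary AND, so the condition was always true
if [ ! -d /var/lib/nfs/rpc_pipefs ]; then
{
sudo /bin/mkdir -p /var/lib/nfs/rpc_pipefs
}
fi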
sudo /sbin/mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
sudo /sbin/rpc.portmap
sudo /usr/sbin/sm-notify
sudo /usr/sbin/rpc.idmapd
sudo /usr/sbin/rpc.gssd
sudo /usr/sbin/rpc.statd

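# On the server:
sudo /sbin/mount -t nfsd nfsd /proc/fs/nfs

# -d replaces -a: in "[ ! -a path ]", test parses -a as the binary AND, so the condition was always true
if [ ! -d /var/lib/nfs/rpc_pipefs ]; then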
{
sudo /bin/mkdir -p /var/lib/nfs/rpc_pipefs
}
fi
sudo /sbin/mount -t rpc_pipefs rpc_pipefs /var/lib/nfs/rpc_pipefs
sudo /sbin/rpc.portmap
sudo /usr/sbin/rpc.idmapd
sudo /usr/sbin/rpc.gssd
sudo /usr/sbin/exportfs -av
sudo /usr/sbin/rpc.mountd
sudo /usr/sbin/rpc.statd
sudo /usr/sbin/rpc.nfsd
sudo /usr/sbin/sm-notify


** Configuration file /etc/hosts on both computers:
127.0.0.1 localhost
127.0.0.1 server.darkstar.net # on the server only
10.0.0.2 server.darkstar.net
10.0.0.3 client.darkstar.net

** The /etc/idmap.conf file on the server:
[GENERAL]
Verbosity = 1
Domain = darkstar.net
Local-Realms = DARKSTAR

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

** The /etc/kdc.conf file on the server:
[kdcdefaults]
kdc_ports = 88,750

[realms]
DARKSTAR = {
kadmind_port = 749
max_life = 12h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = aes256-cts
supported_enctypes = aes256-cts:normal aes128-cts:normal
# If the default location does not suit your setup,
# explicitly configure the following values:
# database_name = /var/krb5kdc/principal
# key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU
acl_file = /var/krb5kdc/kadm5.acl
}

[logging]
# By default, the KDC and kadmind will log output using
# syslog. You can instead send log output to files like this:
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

** The /etc/krb5.conf file on the server:
[libdefaults]
default_realm = DARKSTAR

[realms]
DARKSTAR = {
kdc = server.darkstar.net
kdc = server.darkstar.net
admin_server = server.darkstar.net
}

[domain_realm]
.server.darkstar.net = DARKSTAR
.client.darkstar.net = DARKSTAR
server.darkstar.net = DARKSTAR
client.darkstar.net = DARKSTAR

** Output of the "klist -ke" command on the client:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
2 host/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 host/client.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 host/client.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 host/client.darkstar.net@DARKSTAR (arcfour-hmac)
2 host/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 host/server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 host/server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 host/server.darkstar.net@DARKSTAR (arcfour-hmac)
2 nfs/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 nfs/client.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 nfs/client.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 nfs/client.darkstar.net@DARKSTAR (arcfour-hmac)
2 nfs/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 nfs/server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 nfs/server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 nfs/server.darkstar.net@DARKSTAR (arcfour-hmac)
6 admin/admin@DARKSTAR (aes256-cts-hmac-sha1-96)
6 admin/admin@DARKSTAR (aes128-cts-hmac-sha1-96)
6 admin/admin@DARKSTAR (des3-cbc-sha1)
6 admin/admin@DARKSTAR (arcfour-hmac)
2 server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
2 server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
2 server.darkstar.net@DARKSTAR (des3-cbc-sha1)
2 server.darkstar.net@DARKSTAR (arcfour-hmac)
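
An added example, not part of the original post: a check for the "klist -ke" listing above that reports keys for principals not tied to the given host, enctypes outside the AES-only supported_enctypes in the posted kdc.conf, and whether a root/, nfs/ or host/ key for that host is present for rpc.gssd to use. The function name audit_keytab and its output labels are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit `klist -ke` output on an NFS host.
# audit_keytab and its output labels are hypothetical names.

# Reads a keytab listing on stdin; $1 is the FQDN of the host being audited.
audit_keytab() {
    awk -v fqdn="$1" '
    # Entry lines: "<kvno> <principal>@<REALM> (<enctype>)"; headers are skipped.
    $1 ~ /^[0-9]+$/ && $2 ~ /@/ {
        princ = $2
        enc = $3; gsub(/[()]/, "", enc)
        name = princ; sub(/@.*/, "", name)
        n = split(name, part, "/")
        inst = (n > 1) ? part[2] : ""
        # A host keytab should hold only keys for services on that host.
        if (inst != fqdn && !(princ in foreign)) {
            foreign[princ] = 1
            print "FOREIGN " princ
        }
        # rpc.gssd(8) takes its machine credential from the keytab; only the
        # root/, nfs/ and host/ forms for this exact FQDN are checked here.
        if (inst == fqdn && part[1] ~ /^(root|nfs|host)$/) machine = 1
        # The kdc.conf on the page lists only aes256-cts and aes128-cts.
        if (enc !~ /^aes/ && !(enc in other)) {
            other[enc] = 1
            print "NON-AES " enc
        }
    }
    END { if (!machine) print "NO-MACHINE-CRED " fqdn }'
}

# Sample input: a subset of the listing posted above.
sample_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 host/client.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
   2 host/client.darkstar.net@DARKSTAR (arcfour-hmac)
   2 nfs/server.darkstar.net@DARKSTAR (aes256-cts-hmac-sha1-96)
   2 nfs/server.darkstar.net@DARKSTAR (des3-cbc-sha1)
   6 admin/admin@DARKSTAR (aes256-cts-hmac-sha1-96)
   2 server.darkstar.net@DARKSTAR (aes128-cts-hmac-sha1-96)
EOF
}

sample_listing | audit_keytab client.darkstar.net
```

On a live host the same function takes the real listing: klist -ke /etc/krb5.keytab | audit_keytab "$(hostname -f)".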


#2 20/04/2015 at 10:18

intmail

Re: NFS error: Permission denied / rpc.gssd[808]: No credential found

A daemon was missing on the server: rpc.svcgssd, but that does not solve the problem.
