[Samba] Kerberized-nfs4 home-dir stopped working

Andreas Hasenack andreas at canonical.com
Fri Jun 17 16:57:15 UTC 2022


I'm unsure what Debian 11 has, but if it's src:nfs-utils 2.6.x, then
you should look at /etc/nfs.conf for configuration options instead of
/etc/defaults/nfs-*.

On Wed, Jun 15, 2022 at 3:56 PM Philippe Clérié via samba
<samba at lists.samba.org> wrote:
>
> Increasing Verbosity in /etc/idmapd.conf on both sides should give you some
> logging for id mapping. I would start with 5.
>
> I think that Debian 11 has moved to using an nfs-utils helper script, which
> changes some of the variables used in the systemd scripts. (I am still on
> Ubuntu 20.04 so I haven't played with those yet.) There ought to be
> variables for the options to rpc.gssd on the client side, and rpc.svcgssd
> on the server. If you set those options to -vvv you should get a lot of
> logging.
>
> Hope that helps
>
> Philippe
>
>
> The trouble with common sense is that it is so uncommon.
> <Anonymous>
>
>
> On Tue, Jun 14, 2022 at 5:27 PM Kees van Vloten via samba <
> samba at lists.samba.org> wrote:
>
> > Hi Team,
> >
> >
> > I have been using Kerberized nfs4 between 2 domain-members successfully
> > since August last year.
> >
> > All machines are Debian 11. The NFS-server and the desktop run with
> > stock Samba 4.13.
> >
> > Two days ago, while I was working on the desktop machine, NFS stopped
> > communicating. After rebooting the desktop I can log in with my domain
> > credentials on the console (not graphical as it requires home-dir
> > access) but the home-dir is not there.
> >
> > - wbinfo reports active connection (on all 3 items).
> >
> > - klist in my user on the desktop shows a valid ticket and if I log in on
> > the nfsserver I get a valid ticket there as well
> >
> > - system time is in sync on both machines
> >
> > - resolving of domain users,groups,hosts through getent works fine, i.e.
> > winbind is working on both sides
> >
> > - On the DCs (I run Louis' 4.15.7 here) I have auditing enabled but
> > audit.log does not show any failures, while trying to access /home from
> > the desktop
> >
> > /home on the desktop gets mounted by autofs with the equivalent of:
> >
> > mount -t nfs4 -o rw,soft,sync,nodev,exec,nosuid,noatime,fsc,sec=krb5p nfsserver.example.com:/home /home
> >
> > Exports on the nfsserver:
> >
> > # Root path
> > /srv/nfs 192.168.1.0/24(rw,root_squash,no_subtree_check,fsid=0,crossmnt,sec=krb5p)
> > # Share paths
> > /srv/nfs/home 192.168.1.0/24(rw,sync,root_squash,no_subtree_check,crossmnt,sec=krb5p)
> >
> > Where /srv/nfs/home is a bind-mount to /home
> >
> > Unfortunately I have not found a way to find some useful logging on
> > either side.
> >
> > In the end I replaced sec=krb5p on both sides (exports and autofs) with
> > sec=sys and then there is immediately access. That tells me the problem
> > must be related to Kerberos, which was my initial suspicion due to the
> > way it stopped working 2 days ago (nothing changed in the configurations
> > on either side).
> >
> > What would be the next thing to investigate?
> >
> > - Kees.
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
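
The exports and the sec=sys workaround quoted in the thread, turned into a check (an added example, not code from any poster in this thread): it parses exports(5) text and lists client entries that still accept a non-Kerberos flavor, such as a sec=sys fallback left in place after troubleshooting. The sample input is constructed, and the /srv/nfs/scratch entry and the function names are hypothetical; quoted or escaped paths are not handled.

```python
import re

# Constructed sample in exports(5) syntax, modelled on the exports quoted in the
# thread. "home" carries the sec=sys fallback; "scratch" is a hypothetical share.
SAMPLE_EXPORTS = """\
# Root path
/srv/nfs 192.168.1.0/24(rw,root_squash,no_subtree_check,fsid=0,crossmnt,sec=krb5p)
# Share paths
/srv/nfs/home \\
    192.168.1.0/24(rw,sync,root_squash,no_subtree_check,crossmnt,sec=sys)
/srv/nfs/scratch 192.168.1.0/24(rw,sync) 192.168.1.10(ro,sec=krb5i:krb5p)
"""

KERBEROS = {"krb5", "krb5i", "krb5p"}
ENTRY_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")  # client(opt,opt,...)


def parse_exports(text):
    """Return [(path, client, flavors)] for every client entry in the text."""
    entries = []
    # A trailing backslash continues an export line onto the next one.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        path, defaults = fields[0], []
        for field in fields[1:]:
            if field.startswith("-"):  # "-opt,opt": defaults for later clients
                defaults = field[1:].split(",")
                continue
            m = ENTRY_RE.match(field)
            if m is None:
                raise ValueError(f"unparseable export entry: {field!r}")
            client = m.group(1) or "*"  # a bare "(opts)" entry matches any client
            opts = (m.group(2) or "").split(",")
            # Conservative: take the union of every sec= value that applies.
            flavors = [f for o in defaults + opts if o.startswith("sec=")
                       for f in o[4:].split(":")]
            entries.append((path, client, flavors or ["sys"]))  # no sec= means sys
    return entries


def weak_exports(text):
    """Entries that accept at least one flavor other than krb5, krb5i or krb5p."""
    return [e for e in parse_exports(text) if not set(e[2]) <= KERBEROS]


if __name__ == "__main__":
    for path, client, flavors in weak_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: allows {','.join(flavors)}")
```
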


